Adding 3rd party firewall to ISE using RADIUS.

JohnNetEng
Level 1

I'm having trouble adding a Checkpoint firewall to ISE 2.4. I've been following a blog where the author claims to have successfully added it to ISE 2.1 (here: http://mdtnets.blogspot.com/2016/07/checkpoint-gaia-radius-authentication.html).

In the part where he gets to "Authentication Policy" I assume it's been replaced by Policy Sets. Running into trouble setting up the conditional "If DEVICE:Device Type Equals Device Type#All Device Types#Checkpoint"

I can do the "if DEVICE:Device Type Equals: All Device Types" but am not given an option for any other parameters. Am I missing something here?

2 Accepted Solutions


paul
Level 10

You define your network device groups (NDGs) on the Administration->Network Resources->Network Device Groups screen. Under the Device Type NDG you add a new entry called "Checkpoint". Then you have to add the Checkpoints into ISE as Network Devices (Administration->Network Resources->Network Devices). You assign them to the correct NDG Device Type, enter their name, IP and RADIUS shared secret. Now you are set up.

You can build a policy set whose admission criteria is Device Type = Checkpoint and build the rules you want.

Cory Peterson
Level 5

You need to add the device group yourself:

[Screenshots: Screenshot_1.png, Screenshot_2.png]

Then add the Device to the group:

[Screenshot: Screenshot_3.png]

3 Replies

Thanks a lot. This worked.