Solved: Re: Checkpoint pxGrid Integration

vibobrov · ‎05-20-2016

Hi Folks,

Do we have any guides on integrating Checkpoint with pxGrid for identity awareness?

Thanks

jeppich · ‎05-20-2016

Hey Jason, Viktor,

Currently working on this, will send out a draft when completed.

Thanks,

John

View solution in original post

Jason Kunst · ‎05-20-2016

Forwarded to SME to respond

jeppich · ‎05-20-2016

Hey Jason, Viktor,

Currently working on this, will send out a draft when completed.

Thanks,

John

tuenoerg · ‎08-25-2016

Hi,

Are we any closer on this ?

We have a workshop with a large Danish government service - that is looking into integration ISE and Checkpoint (primarily for SGT use) via PxGrid.

Can anyone help with documentation and list over things that might not work ?

Best regards

Tue

jeppich · ‎08-25-2016

Hey Tue,

Checkpoint is still in the process of pxGrid certification, there is no official code available. I am expecting a beta build next week. When i have more details i will follow-up with you. In the meanwhile, what version of ISE are they using?

Thanks,

John

jeppich@cisco.com

tuenoerg · ‎08-25-2016

Hi John,

Thank you so much..

At the moment the customer is using 2.0.1 for their remaining ISE installation - but an upgrade to 2.1 is not unlikely.

I would really like to know more when something is available.

br

Tue

jeppich · ‎08-26-2016

Hey Tue,

Yup, absolutely, please email me your contact information.

Thanks,

John

jeppich@cisco.com

Mikael Gustafsson · ‎09-13-2016

Hi John,

Also interested in information around this if possible?

I have customer were we are looking in to segmentation right now and Trustsec would be the way to go if it is feasible to use with Check Point.

Cheers

jeppich · ‎09-13-2016

Hey Mikael,

No, not yet, Checkpoint is still in the development phase.

Thanks,

John

jeppich@cisco.com

ronnie.rockey · ‎11-23-2016

Hi John,

Is there any development on this yet. I have customer where he is trying to integrate checkpoint and pxgrid.

Checkpoint doesnt show any username from the pxgrid service.

Thanks

Ronnie

jeppich · ‎11-23-2016

Hey Ronnie,

Checkpoint is still in development. They do not have a productional product yet.

Thanks,
John

jeppich@cisco.com

TomKaspar · ‎12-30-2016

Hi Rockey,

I have function testing integration in my lab. I can see idenity from ISE in my Check Point firewall.

[Expert@POC-ISE:0]# pdp monitor user Tomas

Session: 0c4cf14f

Session UUID: {0C46EB3F-088B-5EB5-4025-FE390781F2AA}

Ip: 172.32.255.18

Users:

Tomas@domain.lab{5133fbce}

Groups: ad_user_Tomas;All Users

Roles: Access-Tomas

Client Type: Identity Collector (Cisco ISE)

Authentication Method: Trust

Connect Time: Fri Dec 30 10:01:09 2016

Next Reauthentication: Fri Dec 30 10:31:39 2016

Next Connectivity Check: -

Packet Tagging Status: Not Active

Published Gateways: Local

I can see indentity in SmartViewTracker and I can use Access-role in firewall rules.

Regards,

Tomas

tuenoerg · ‎12-30-2016

Hi Tomas,

Is that done with PxGrid ?

If not - how so ?

Do you have some documentation ?

best regards and a happy new year.

Tue

TomKaspar · ‎12-30-2016

Hi Tue Frei,

Yes, I am using PxGrind connection to ISE server. I use Check Point application Identity Collector. This collector is connected to ISE and Check Point firewall.

Here is documentation: http://dl3.checkpoint.com/paid/1e/1ea10fa512567972a7aea14df4df90a3/CP_R77.30Hotfix_IdentityCollector_ReleaseNotes.pdf?Ha…

I dont't know is it officialy supported from Check Point. I tried write on Check Point support.

Best Regards,

Tomas

jeppich · ‎12-30-2016

Hi Tomas,

Checkpoint is in the process of being pxGrid certified, I am working on the documentation details. When i have these available I will let you know.

Thanks,

John

jeppich@cisco.com