CISCO ISE integrate with checkpoint using Tacacs+

Ragavi
Level 1

We are in the process of integrating Cisco ISE with Checkpoint using TACACS+.
We have configured it and are able to authenticate successfully, but are having an issue with authorization.

Currently configured on the device:

Checkpoint Config:

  1. HostName> add rba role TACP-0 domain-type System readwrite-features tacacs_enable
  2. HostName> add rba role TACP-15 domain-type System all-features
  3. HostName> add aaa tacacs-servers priority 1 server <IP_ADDRESS_of_ISE_SERVER> key <KEY> timeout 5
  4. HostName> set aaa tacacs-servers state on
  5. HostName> set aaa tacacs-servers user-uid 0

Cisco ISE:

Custom attributes:

Type = MANDATORY, Name = CheckPoint-SuperUser-Access, Value = 1

We need to create two roles, 'TACP-0' and 'TACP-15', but how do we map these on the TACACS+ server?

Tried searching for related KB articles on Cisco as well as Checkpoint, but no luck. Can anyone suggest a solution for this?
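As an added illustration (not the poster's configuration or Check Point's code), the model below encodes the two RBA roles exactly as the post's `add rba role` commands define them and resolves a TACACS+ authorization reply to one of them. It assumes that Gaia picks the role named `TACP-<priv-lvl>` from the `priv-lvl` attribute in the reply; the reply strings are constructed samples, and the `CheckPoint-SuperUser-Access` attribute from the post is carried along to show that on its own it selects no role under that assumption.

```python
import re

# RBA roles as created in the post: TACP-0 gets read/write on tacacs_enable only,
# TACP-15 gets all features.
RBA_ROLES = {
    "TACP-0": {"readwrite": {"tacacs_enable"}, "readonly": set(), "all": False},
    "TACP-15": {"readwrite": set(), "readonly": set(), "all": True},
}

_AV_PAIR = re.compile(r"^([^=*]+)([=*])(.*)$")


def parse_av_pairs(reply_text):
    """Parse TACACS+ authorization AV pairs from a constructed reply string.
    '=' marks a mandatory attribute, '*' an optional one."""
    pairs = {}
    for token in reply_text.split():
        m = _AV_PAIR.match(token)
        if m:
            pairs[m.group(1)] = {"value": m.group(3), "mandatory": m.group(2) == "="}
    return pairs


def role_for_reply(pairs):
    """Assumption: Gaia maps priv-lvl N to the role named TACP-N.
    Returns None when priv-lvl is absent, out of range, or no such role exists,
    which is the case a custom attribute alone would leave the admin in."""
    attr = pairs.get("priv-lvl")
    if attr is None or not attr["value"].isdigit():
        return None
    level = int(attr["value"])
    if not 0 <= level <= 15:
        return None
    name = f"TACP-{level}"
    return name if name in RBA_ROLES else None


def feature_access(role_name, feature):
    """Return 'rw', 'ro' or None for a Gaia feature under the resolved role."""
    role = RBA_ROLES.get(role_name)
    if role is None:
        return None
    if role["all"] or feature in role["readwrite"]:
        return "rw"
    if feature in role["readonly"]:
        return "ro"
    return None
```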

1 Reply

balaji.bandi
Hall of Fame

Not a great experience; I had the same issue. For read-only we created a local Checkpoint account; admins use ISE, which is the remediation we did.

We are using R80. Since we had only 2 users, we did not bother much to look at fixing the issue later, since more of our admins work with ISE and LDAP auth.

Check this, it may help you:

https://community.cisco.com/t5/network-access-control/cisco-ise-tacacs-authorization-and-checkpoint-firewall/td-p/3190223

BB
