Cisco ISE integration with Check Point using TACACS+

Ragavi

We are in the process of integrating Cisco ISE with Check Point using TACACS+.
We have configured it and are able to authenticate successfully, but we are having an issue with authorization.

Currently configured in device:

Check Point config:

  1. HostName> add rba role TACP-0 domain-type System readwrite-features tacacs_enable
  2. HostName> add rba role TACP-15 domain-type System all-features
  3. HostName> add aaa tacacs-servers priority 1 server <IP_ADDRESS_of_ISE_SERVER> key <KEY> timeout 5
  4. HostName> set aaa tacacs-servers state on
  5. HostName> set aaa tacacs-servers user-uid 0

Cisco ISE:

Custom attributes:

Type = MANDATORY, Name = CheckPoint-SuperUser-Access, Value = 1

We need to create the two roles 'TACP-0' and 'TACP-15', but how do we map these on the TACACS+ server?

I tried searching for a related KB article at Cisco as well as at Check Point, but had no luck. Can anyone suggest a solution for this?
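The mapping the question asks about can be reasoned through with a small model. The following is an added example, not code from the thread, from Cisco or from Check Point. It rests on two labelled assumptions: that Gaia selects the RBA role named TACP-<n> from the priv-lvl attribute the TACACS+ server returns (falling back to TACP-0 when it is absent), and that AV pairs use the RFC 8907 separators, where '=' marks a mandatory attribute (the ISE "Type = MANDATORY" setting) and '*' an optional one. The configured roles are the two from the clish commands above; the sample replies are constructed.

```python
# Added example for this thread (not Cisco's, Check Point's or the poster's code).
# It models how a decoded TACACS+ authorization reply would select a Gaia RBA
# role, under two labelled ASSUMPTIONS:
#   1. Gaia picks the role named TACP-<n>, where n is the priv-lvl attribute the
#      TACACS+ server returns (0-15), and uses TACP-0 when priv-lvl is absent.
#   2. AV pairs use the RFC 8907 separators: '=' marks a mandatory attribute
#      (ISE "Type = MANDATORY"), '*' marks an optional one.
import re

# name, separator ('=' or '*'), value
AV_PAIR_RE = re.compile(r"^([^=*]+)([=*])(.*)$")

# Roles the thread's clish commands create on the firewall.
CONFIGURED_ROLES = {
    "TACP-0": "readwrite-features tacacs_enable",
    "TACP-15": "all-features",
}


def parse_av_pairs(pairs):
    """Parse raw AV-pair strings into {name: (value, is_mandatory)}."""
    parsed = {}
    for raw in pairs:
        match = AV_PAIR_RE.match(raw)
        if match is None:
            raise ValueError(f"malformed AV pair: {raw!r}")
        name, separator, value = match.groups()
        parsed[name.strip()] = (value, separator == "=")
    return parsed


def select_role(pairs, configured=CONFIGURED_ROLES):
    """Return (role_name, role_exists_on_gateway) for an authorization reply.

    Under assumption 1 only priv-lvl drives the choice; any other attribute
    (such as CheckPoint-SuperUser-Access) is listed by explain_reply() so the
    administrator can see that it is not consulted for role selection.
    """
    attrs = parse_av_pairs(pairs)
    level_text, _mandatory = attrs.get("priv-lvl", ("0", True))
    if not level_text.isdigit() or not 0 <= int(level_text) <= 15:
        raise ValueError(f"priv-lvl must be 0-15, got {level_text!r}")
    role = f"TACP-{int(level_text)}"
    return role, role in configured


def explain_reply(pairs, configured=CONFIGURED_ROLES):
    """Summarise what a reply would do: the chosen role, whether that role is
    defined on the gateway, and which attributes play no part in the choice."""
    role, exists = select_role(pairs, configured)
    attrs = parse_av_pairs(pairs)
    ignored = sorted(name for name in attrs if name != "priv-lvl")
    return {"role": role, "configured": exists, "ignored_attributes": ignored}


if __name__ == "__main__":
    # Constructed sample replies, modelled on the thread's ISE attribute.
    samples = [
        ["priv-lvl=15", "CheckPoint-SuperUser-Access=1"],  # privilege 15 login
        ["CheckPoint-SuperUser-Access=1"],                  # no priv-lvl sent
        ["priv-lvl=7"],                                     # role never created
    ]
    for reply in samples:
        print(reply, "->", explain_reply(reply))
```

The point the model makes visible is that, under the stated assumption, a reply carrying only the custom CheckPoint-SuperUser-Access attribute lands in TACP-0, while a reply whose priv-lvl is 15 lands in TACP-15, and a priv-lvl for which no TACP-<n> role was created is flagged as unconfigured rather than silently mapped. Whether the real gateway behaves this way should be confirmed against the Gaia documentation for the release in use.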

1 Reply 1

balaji.bandi

Not a great experience; I had the same. The read-only users we created locally on the Check Point, and admins will use ISE; that is the remediation we did.

We are using R80. Since we had only 2 users, we did not bother much to look at fixing the issue later, as more of our admins work with ISE and LDAP auth.

Check this; it may help you:

https://community.cisco.com/t5/network-access-control/cisco-ise-tacacs-authorization-and-checkpoint-firewall/td-p/3190223

BB
