We are in the process of integrating Cisco ISE with Check Point using TACACS+.
We have configured it and are able to authenticate successfully, but are having an issue with authorization.
Currently configured on the device:
Check Point config:
- HostName> add rba role TACP-0 domain-type System readwrite-features tacacs_enable
- HostName> add rba role TACP-15 domain-type System all-features
- HostName> add aaa tacacs-servers priority 1 server <IP_ADDRESS_of_ISE_SERVER> key <KEY> timeout 5
- HostName> set aaa tacacs-servers state on
- HostName> set aaa tacacs-servers user-uid 0
Cisco ISE:
Custom attributes:
Type = MANDATORY, Name = CheckPoint-SuperUser-Access, Value = 1
We need to create the two roles 'TACP-0' and 'TACP-15', but how do we map them on the TACACS+ server?
I tried searching for a related KB article at Cisco as well as at Check Point but had no luck. Can anyone suggest a solution for this?
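Added example (not code from Check Point, Cisco, or the poster): a small model of how a Gaia gateway resolves a TACACS+ authorization reply into one of its TACP-N roles. Gaia documents that a role named TACP-N is selected from the privilege level N the TACACS+ server returns in the shell authorization, which on the wire is the standard `priv-lvl` attribute-value pair (RFC 8907); in ISE that value comes from the TACACS profile's shell privilege level, not from a vendor custom attribute. The role set below is taken from the post; the sample replies and the helper names (`parse_av_pairs`, `gaia_role_for_reply`, `explain`) are constructed here for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# TACACS+ (RFC 8907): an attribute-value pair is "attr=value" when the server
# marks it mandatory and "attr*value" when optional; the separator is the first
# '=' or '*' in the string. Attribute names themselves may contain '-'.
_AV_RE = re.compile(r"^([^=*]+)([=*])(.*)$", re.DOTALL)


@dataclass(frozen=True)
class AVPair:
    name: str
    value: str
    mandatory: bool


def parse_av_pairs(raw_pairs: Iterable[str]) -> List[AVPair]:
    """Parse the argument strings of a TACACS+ authorization REPLY body."""
    parsed: List[AVPair] = []
    for raw in raw_pairs:
        m = _AV_RE.match(raw)
        if not m:
            raise ValueError(f"malformed AV pair: {raw!r}")
        name, sep, value = m.groups()
        parsed.append(AVPair(name=name, value=value, mandatory=(sep == "=")))
    return parsed


def gaia_role_for_reply(raw_pairs: Iterable[str], defined_roles: Set[str]) -> Optional[str]:
    """Role a Gaia-style lookup assigns: TACP-<priv-lvl> if that role exists, else None.

    Only priv-lvl is consulted; a vendor attribute such as
    CheckPoint-SuperUser-Access is not a shell privilege level and is ignored.
    """
    for pair in parse_av_pairs(raw_pairs):
        if pair.name != "priv-lvl":
            continue
        if not pair.value.isdigit() or not 0 <= int(pair.value) <= 15:
            return None  # privilege levels are 0..15; anything else maps to no role
        role = f"TACP-{int(pair.value)}"
        return role if role in defined_roles else None
    return None


def explain(raw_pairs: Iterable[str], defined_roles: Set[str]) -> str:
    """Diagnosis string for the case where authentication passes but no role is granted."""
    pairs = parse_av_pairs(raw_pairs)
    priv = [p for p in pairs if p.name == "priv-lvl"]
    if not priv:
        return "no priv-lvl attribute in reply; Gaia cannot select a TACP-N role"
    role = gaia_role_for_reply(raw_pairs, defined_roles)
    if role is None:
        return f"priv-lvl={priv[0].value} but role TACP-{priv[0].value} is not defined on the gateway"
    return f"mapped to {role}"


# Roles from the post; the replies below are constructed sample data, not captures.
GATEWAY_ROLES = {"TACP-0", "TACP-15"}
REPLY_SUPERUSER_ONLY = ["CheckPoint-SuperUser-Access=1"]   # custom attribute only
REPLY_SHELL_15 = ["priv-lvl=15"]                           # ISE shell profile, privilege 15
REPLY_SHELL_7 = ["priv-lvl=7"]                             # level with no matching Gaia role
REPLY_OPTIONAL_0 = ["priv-lvl*0"]                          # optional AV pair, still honoured

if __name__ == "__main__":
    for label, reply in [
        ("superuser-attribute-only", REPLY_SUPERUSER_ONLY),
        ("shell-priv-15", REPLY_SHELL_15),
        ("shell-priv-7", REPLY_SHELL_7),
        ("optional-priv-0", REPLY_OPTIONAL_0),
    ]:
        print(f"{label:26s} -> {explain(reply, GATEWAY_ROLES)}")
```

Running it shows the two failure modes worth checking on the gateway: a reply carrying only the custom attribute yields no TACP role at all, and a `priv-lvl` whose TACP-N role was never created with `add rba role` is likewise dropped. The `gaia_role_for_reply` function models Gaia's documented TACP-N behaviour; it is not Gaia's own implementation.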