How to configure ACS 5.2 and Checkpoint for firewall admin using TACACS

Hi,

Can somebody show how to configure ACS 5.2 for device administration of Checkpoint firewalls and security management servers?

thanks

How to configure ACS 5.2 and Checkpoint for firewall admin using

Hi,

I have created an "Authorization Profile" with a new "Shell Profile" policy.

In the policy I manually entered these attributes:

Nokia-IPSO-SuperUser-Access=1

Nokia-IPSO-User-Role=adminRole

"adminRole" is a Checkpoint default role. You can create your own role and change these in your Shell Profile if needed.

The attributes are set to mandatory for this Shell Profile.

Regards
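
The post above sets both attributes to mandatory; in TACACS+ (RFC 8907) a mandatory argument travels as `name=value` and an optional one as `name*value`. The Python sketch below is an added example, not part of the original post or of any Cisco or Check Point tooling: it parses an authorization reply body and checks that both attributes arrive as mandatory. It assumes the body has already been de-obfuscated with the shared secret; the function names and sample replies are constructed for illustration.

```python
import struct

# TACACS+ authorization reply status codes (RFC 8907, section 6.2)
STATUS = {0x01: "PASS_ADD", 0x02: "PASS_REPL", 0x10: "FAIL", 0x11: "ERROR", 0x21: "FOLLOW"}

def build_reply(status, args, server_msg=b"", data=b""):
    """Pack a cleartext authorization REPLY body (used here to make sample input)."""
    enc = [a.encode("ascii") for a in args]
    head = struct.pack("!BBHH", status, len(enc), len(server_msg), len(data))
    return head + bytes(len(a) for a in enc) + server_msg + data + b"".join(enc)

def parse_reply(body):
    """Return (status_name, [(name, value, mandatory), ...]); body must be de-obfuscated."""
    if len(body) < 6:
        raise ValueError("truncated header")
    status, argc, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    lens = body[6:6 + argc]
    pos = 6 + argc + msg_len + data_len
    if len(lens) != argc or pos + sum(lens) != len(body):
        raise ValueError("length fields do not match body size")
    pairs = []
    for n in lens:
        arg = body[pos:pos + n].decode("ascii")
        pos += n
        # The first '=' or '*' is the separator: '=' mandatory, '*' optional.
        idx = min((i for i in (arg.find("="), arg.find("*")) if i >= 0), default=-1)
        if idx < 1:
            raise ValueError(f"malformed argument {arg!r}")
        pairs.append((arg[:idx], arg[idx + 1:], arg[idx] == "="))
    return STATUS.get(status, hex(status)), pairs

def check_profile(body, expected):
    """List deviations from the expected mandatory attributes."""
    status, pairs = parse_reply(body)
    got = {n: (v, m) for n, v, m in pairs}
    problems = [] if status in ("PASS_ADD", "PASS_REPL") else [f"status {status}"]
    for name, value in expected.items():
        if name not in got:
            problems.append(f"{name} missing")
        elif got[name] != (value, True):
            problems.append(f"{name} is {got[name]}")
    return problems

EXPECTED = {"Nokia-IPSO-SuperUser-Access": "1", "Nokia-IPSO-User-Role": "adminRole"}
# Constructed sample replies, not captured traffic.
GOOD = build_reply(0x01, ["Nokia-IPSO-SuperUser-Access=1", "Nokia-IPSO-User-Role=adminRole"])
OPTIONAL = build_reply(0x01, ["Nokia-IPSO-SuperUser-Access*1", "Nokia-IPSO-User-Role=adminRole"])
```

An empty list from `check_profile` means the reply matches the Shell Profile described in the post; the `OPTIONAL` sample shows what a profile with the first attribute left optional would look like.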

How to configure ACS 5.2 and Checkpoint for firewall admin using

Hi Thomas,

Thanks for the reply. This is for a firewall gateway running IPSO, but how about the Security Management Server for Checkpoint?

regards,

Marlon

Re: How to configure ACS 5.2 and Checkpoint for firewall admin us

Hi Marlon,

We use TACACS only to authenticate users against our Security Management Server, but for authorization there is a local user configured which refers to the TACACS user.

If you use Provider-1, look at page 54.

http://dl3.checkpoint.com/paid/53/CheckPoint_R65_Provider1_AdminGuide.pdf?HashKey=1344278626_b260a4b6b3969325ae6bb4fc12d66871&xtn=.pdf

In Cisco ACS, you configure an "Authorization Profile" and add only the Shell Profile "Permit Access".

Thomas

How to configure ACS 5.2 and Checkpoint for firewall admin using

Hi Thomas,

Thanks for the reply, but I don't have enough privileges to access the link. Will you be able to share it?