ISE Device Admin with Checkpoint Firewalls.

Hello,

I have a request from a customer who has a two node Cisco ISE deployment.

They are currently using it for Wired and Wireless NAC with Device Admin for the branch switches.

They have requested that they would like to add their ASAs and Checkpoint firewalls to the Device Admin on ISE via their AD. AD is already integrated with ISE.

For the ASA, I don't see an issue, ISE will be able to Authenticate and Authorize users logging in. The ASA will be able to do TACACS+ AuthC and AuthZ via ISE.

For the Checkpoint, this is the grey area for me.

For the Gaia OS (CLI) they can use the TACP role? ISE can return a TACACS AuthC for the user login and, using RBAC on the Checkpoint, ISE can return TACACS+ custom AuthZ attributes which Gaia accepts.

What about the SmartConsole, this is the GUI. Am I right in saying that the GUI uses Server Roles and not RBAC like Gaia? Therefore ISE will only be able to AuthC the user logging into the SmartConsole.

They want to add 20 of these devices to the Device Administration. Does this mean extra licensing?
Thanks
Anthony.

4 Replies

balaji.bandi
Hall of Fame

SmartConsole / Manage and Settings / Add Servers / TACACS or RADIUS.

You need to look at the Checkpoint guide on how you can configure this, as below:

https://sc1.checkpoint.com/documents/SMB_R81.10.X/AdminGuides_Locally_Managed/EN/Content/Topics/Managing-Authentication-Servers.htm

BB

===== Preenayamo Vasudevam =====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks @balaji.bandi for this but this doesn't stipulate between Gaia and SmartConsole. I want to get clarification that TACACS+ via ISE can do AuthC and AuthZ for Checkpoint GUI and CLI.

Just to be clear, we are discussing device administration rights.

SmartConsole and the GUI of Gaia work; I never tested the CLI, since the CLI only allowed access to admin. Until there is a requirement for access to the CLI (since the CLI has powerful shell access, in Check Point's view), I would avoid that until it is actually needed.

It should be possible to check on the checkpoint guides.

BB

Why not use SAML for the GUI?

SAML everywhere you can. RADIUS/TACACS+ only where you must.