
Cisco ISE Tacacs+ Authorization and Checkpoint Firewall

Configuration done on ISE



Policy Elements:

  • Device Administration
    • Tacacs+ Profiles
      • CheckPoint
        • 1. General tab
          • Name: CheckPoint
          • Description: CheckPoint Firewall
        • 2. Custom Attributes tab
          • Attribute/Requirement/Value:
            • CheckPoint-SuperUser-Access=1
            • Mandatory
            • 1
          • Attribute/Requirement/Value:
            • Checkpoint-User-Role=adminRole
            • Mandatory
            • adminRole


Configuration on CheckPoint


Configure Gaia OS

To be able to log in to Gaia OS with a TACACS+ user, configure the role TACP-0, and for every privileged level "X" that will be used with tacacs_enable, define the rule TACP-"X".


  1. HostName> add rba role TACP-0 domain-type System readwrite-features tacacs_enable
    • Use the enable password configured on the ACS server.
    • The enable password is valid for all privileged levels.
    HostName> add rba role TACP-15 domain-type System all-features
    HostName> save config
    HostName> show configuration rba
  2. HostName> add aaa tacacs-servers priority 1 server <IP_ADDRESS_of_ACS_SERVER> key <KEY> timeout 3
    HostName> set aaa tacacs-servers state on
    HostName> set aaa tacacs-servers user-uid 0
    HostName> save config
    HostName> show configuration aaa


I have done the above configuration. I am able to authenticate, but the user is not able to get Level 15 privilege.

I tried to find documents related to this but didn't find anything on either side, i.e. Cisco and CheckPoint. Please help me with this. If anyone has a case study related to this, kindly share it with me.
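
As an added example (not part of the original post, and not Cisco or Check Point code), the Python below checks a Gaia configuration dump for the pieces the post describes: a TACP-0 role with tacacs_enable, a TACP-X role for each privilege level in use, and an enabled TACACS+ server. It assumes the dump consists of the same Clish command lines shown above and that feature lists are comma-separated; the server address, key and function name are constructed placeholders.

```python
import re

# Constructed sample: the Clish commands from the post, with a placeholder server and key.
SAMPLE_CONFIG = """\
HostName> add rba role TACP-0 domain-type System readwrite-features tacacs_enable
HostName> add rba role TACP-15 domain-type System all-features
HostName> add aaa tacacs-servers priority 1 server 192.0.2.10 key EXAMPLE-KEY timeout 3
HostName> set aaa tacacs-servers state on
HostName> set aaa tacacs-servers user-uid 0
"""

# Assumption: a role line carries one feature list, comma-separated.
ROLE_RE = re.compile(r"^add rba role TACP-(\d+) domain-type System (\S+)(?: (\S+))?$")
SERVER_RE = re.compile(r"^add aaa tacacs-servers priority \d+ server (\S+) key \S+ timeout \d+$")
SET_PREFIX = "set aaa tacacs-servers "


def audit_gaia_tacacs(config_text, levels_in_use=(15,)):
    """Return a list of findings; an empty list means every check passed."""
    roles, servers, settings = {}, [], {}
    for raw in config_text.splitlines():
        line = re.sub(r"^\S+> ", "", raw.strip())  # drop a pasted "HostName> " prompt
        if m := ROLE_RE.match(line):
            roles[int(m.group(1))] = (m.group(2), (m.group(3) or "").split(","))
        elif m := SERVER_RE.match(line):
            servers.append(m.group(1))
        elif line.startswith(SET_PREFIX):
            key, _, value = line[len(SET_PREFIX):].partition(" ")
            settings[key] = value

    findings = []
    # TACP-0 is the role a TACACS+ user lands in at login; it must allow tacacs_enable.
    kind, features = roles.get(0, ("", []))
    if not (kind == "all-features" or (kind == "readwrite-features" and "tacacs_enable" in features)):
        findings.append("TACP-0 missing or lacks read-write tacacs_enable")
    # Each privilege level X used with tacacs_enable needs its own TACP-X role.
    for level in levels_in_use:
        if level not in roles:
            findings.append(f"no TACP-{level} role for privilege level {level}")
    if not servers:
        findings.append("no TACACS+ server defined")
    if settings.get("state") != "on":
        findings.append("TACACS+ authentication state is not on")
    return findings


if __name__ == "__main__":
    print(audit_gaia_tacacs(SAMPLE_CONFIG) or "all checks passed")
```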


Re: Cisco ISE Tacacs+ Authorization and Checkpoint Firewall

Has anyone been able to get TACACS to work with CheckPoint 80.11 and CISE 2.2?

Re: Cisco ISE Tacacs+ Authorization and Checkpoint Firewall

Perhaps using this guide:

It states: "After login, you can use the Gaia Clish command 'tacacs_enable TACP-15' to gain full privileges."


Didn't try it for now; feedback appreciated.



Re: Cisco ISE Tacacs+ Authorization and Checkpoint Firewall

I was in the GUI. I tried to leverage the privilege by clicking the TACACS+ Enable command. I selected TACP-15, but it shows authentication failed. On ISE, I am not able to see the authentication request coming in.