I guess my confusion is that Checkpoint will not understand a random username. For example, if we have an anonymous guest with user '883883', how is that handled in Checkpoint?
I get that for AD users this makes sense as Checkpoint can be aware of domain users, and when it gets passed a username it can find this user in AD, and then apply rules based on AD Groups.
However, for a guest user, if we just pass the guest username, how will Checkpoint know if it's a guest or a contractor? Looking in ClearPass, the actions for the Checkpoint are:
[{"command":"add_user","username":"%{name}","ip":"%{ip}", "machine_name":"%{machine}","domain":"%{domain}",......
Could we change it up so that it says something like:
[{"command":"add_user","username":"%{role}","ip":"%{ip}", "machine_name":"%{machine}","domain":"%{domain}",.......
Would this pass the TIPS role as the username? Then we could fake it by creating users in AD with the username set to our ClearPass roles? Then Checkpoint could look up these 'users' and find a group. We could then write rules in Checkpoint with these groups?
I guess my confusion lies in how Checkpoint uses this information, and what the best information would be to pass for guest users?
Thanks,
_ELiasz