Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Check Point Identity Awareness with Certificate based authentication

  • 1.  Check Point Identity Awareness with Certificate based authentication

    Posted Apr 29, 2014 04:06 PM

    Hello,

     

    Anyone using Check Point's Identity Awareness with Aruba wireless solution?

     

    Check Point can be configured to grab RADIUS accounting or IF-MAP information in order to match up users to AD.

     

    I'm the firewall person and really not the wireless person but I think I have my terminology correct. 

    We are onboarding using cert-based user authentication against the controller.

     

    We were intermittently able to get the controller to send out RADIUS accounting updates but not every time someone logged in.

     

    Just wondering if anyone has got this mix in their network?

     

    Thanks

    -pat13b



  • 2.  RE: Check Point Identity Awareness with Certificate based authentication

    EMPLOYEE
    Posted Apr 29, 2014 04:08 PM
    Do you have interim-accounting enabled?


  • 3.  RE: Check Point Identity Awareness with Certificate based authentication

    Posted Apr 29, 2014 04:13 PM

    Thanks for the quick reply.  Yes that's enabled. 

    Is it possible that if you are not using RADIUS authentication for the users, then RADIUS accounting doesn't work?

     

    -pat13b



  • 4.  RE: Check Point Identity Awareness with Certificate based authentication

    EMPLOYEE
    Posted Apr 29, 2014 04:15 PM

    Correct. RADIUS accounting will only work with 802.1X or MAC-Auth, and you must specify a RADIUS accounting server-group in your AAA profile.



  • 5.  RE: Check Point Identity Awareness with Certificate based authentication

    Posted Apr 29, 2014 04:24 PM

    Thanks for this info.  We did try the IF-MAP to Check Point but no good.

     

    -pat13b



  • 6.  RE: Check Point Identity Awareness with Certificate based authentication

    Posted May 02, 2015 08:05 AM
    Hi Pat, Any updates on this issue...?


  • 7.  RE: Check Point Identity Awareness with Certificate based authentication

    Posted May 04, 2015 11:56 AM

    @AKKO wrote:
    Hi Pat, Any updates on this issue...?

    Hello,
    We were supposed to have a fix for this in Dec of 2014, but we heard nothing back from Check Point.  It appears, at least from a customer perspective, that Check Point and Aruba don't have a very good working relationship.

    It ended up not being a problem anyway because we went away from cert authentication and are now just doing 802.1x.  This will grab the workstation identities.

     

    -pat13b



  • 8.  RE: Check Point Identity Awareness with Certificate based authentication

    Posted May 05, 2015 08:57 PM

    Thanks for replying Pat.

     

    We've been looking at the following; however, it appears problematic with IAPs / RADIUS when roaming.

    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=17063



  • 9.  RE: Check Point Identity Awareness with Certificate based authentication

    EMPLOYEE
    Posted Apr 29, 2014 04:15 PM

    Also, the controllers support IF-MAP but I believe the data is formatted for ClearPass. You could try and configure it to point to your CheckPoint devices. Not sure if it will work but it's worth a shot.

     

    (config) #ifmap cppm
    (CPPM IF-MAP Profile) # server host <checkpoint-ip> port <port> username <username> passwd <passwd>
    (CPPM IF-MAP Profile) # enable