04-29-2014 01:05 PM
Anyone using Check Point's Identity Awareness with Aruba wireless solution?
Check Point can be configured to grab RADIUS accounting or IF-MAP information in order to match up users to AD.
I'm the firewall person and really not the wireless person but I think I have my terminology correct.
We are onboarding using cert-based user authentication against the controller.
We were intermittently able to get the controller to send out RADIUS accounting updates but not every time someone logged in.
Just wondering if anyone has got this mix in their network?
04-29-2014 01:13 PM
Thanks for the quick reply. Yes that's enabled.
Is it possible if you are not using RADIUS authentication for the users, then RADIUS accounting doesn't work??
04-29-2014 01:14 PM
Also, the controllers support IF-MAP but I believe the data is formatted for ClearPass. You could try and configure it to point to your Check Point devices. Not sure if it will work but it's worth a shot.
(config) #ifmap cppm
(CPPM IF-MAP Profile) # server host <checkpoint-ip> port <port> username <username> passwd <passwd>
(CPPM IF-MAP Profile) # enable
04-29-2014 01:15 PM - edited 04-29-2014 01:15 PM
05-04-2015 08:56 AM
Hi Pat, any updates on this issue...?
We were supposed to have a fix for this in Dec of 2014. But we heard nothing back from Check Point. It appears, at least from a customer perspective, that Check Point and Aruba don't have a very good working relationship.
It ended up not being a problem anyway because we went away from cert authentication and are now just doing 802.1x. This will grab the workstation identities.
05-05-2015 05:56 PM - edited 05-05-2015 05:57 PM
Thanks for replying Pat.
We've been looking at the following; however, it appears problematic with IAPs / RADIUS when roaming.