New Contributor

Check Point Identity Awareness with Certificate based authentication

Hello,

Anyone using Check Point's Identity Awareness with Aruba wireless solution?

Check Point can be configured to grab RADIUS accounting or IF-MAP information in order to match up users to AD.

I'm the firewall person and really not the wireless person, but I think I have my terminology correct.

We are onboarding using cert-based user authentication against the controller.

We were intermittently able to get the controller to send out RADIUS accounting updates, but not every time someone logged in.

Just wondering if anyone has got this mix in their network?

Thanks

-pat13b

Guru Elite

Re: Check Point Identity Awareness with Certificate based authentication

Do you have interim-accounting enabled?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: Check Point Identity Awareness with Certificate based authentication

Thanks for the quick reply. Yes, that's enabled.

Is it possible that if you are not using RADIUS authentication for the users, then RADIUS accounting doesn't work?

-pat13b

Guru Elite

Re: Check Point Identity Awareness with Certificate based authentication

Also, the controllers support IF-MAP but I believe the data is formatted for ClearPass. You could try and configure it to point to your Check Point devices. Not sure if it will work but it's worth a shot.

(config) #ifmap cppm
(CPPM IF-MAP Profile) # server host <checkpoint-ip> port <port> username <username> passwd <passwd>
(CPPM IF-MAP Profile) # enable


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: Check Point Identity Awareness with Certificate based authentication

Correct. RADIUS accounting will only work with 802.1X or MAC-Auth and you must specify a RADIUS accounting server-group in your AAA profile.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
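
For checking what the controller actually sends when accounting updates seem intermittent, here is an added example (not from the thread and not Aruba or Check Point code): a small Python decoder for RADIUS Accounting-Request payloads that reports whether each record carries both a User-Name and a Framed-IP-Address. The sample packets, user name and address are constructed, `build_sample` and `usable_for_identity` are hypothetical helpers, and the premise that the firewall needs those two attributes to map a user to an IP is an assumption.

```python
import socket
import struct

# Attribute types from RFC 2865 / RFC 2866
USER_NAME, FRAMED_IP, CALLING_STATION, ACCT_STATUS, ACCT_SESSION = 1, 8, 31, 40, 44
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}
TEXT_FIELDS = {USER_NAME: "user", CALLING_STATION: "mac", ACCT_SESSION: "session"}

def parse_accounting(packet: bytes) -> dict:
    """Decode the identity-relevant attributes of a RADIUS Accounting-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != 4:  # 4 = Accounting-Request
        raise ValueError(f"not an Accounting-Request (code {code})")
    if not 20 <= length <= len(packet):
        raise ValueError("length field disagrees with packet size")
    rec, pos = {"id": ident}, 20  # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        value = packet[pos + 2:pos + alen]
        if atype in TEXT_FIELDS:
            rec[TEXT_FIELDS[atype]] = value.decode("utf-8", "replace")
        elif atype == FRAMED_IP and len(value) == 4:
            rec["ip"] = socket.inet_ntoa(value)
        elif atype == ACCT_STATUS and len(value) == 4:
            n = struct.unpack("!I", value)[0]
            rec["status"] = STATUS.get(n, str(n))
        pos += alen
    return rec

def usable_for_identity(rec: dict) -> bool:
    """True when the record carries both halves of a user-to-IP mapping (assumed need)."""
    return rec.get("status") in ("Start", "Interim-Update") and "user" in rec and "ip" in rec

def build_sample(attrs) -> bytes:
    """Constructed test packet: zeroed authenticator, so no shared-secret validation."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 4, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples: a Start with no address yet, then an Interim-Update that has one
SAMPLE_START = build_sample([(ACCT_STATUS, b"\0\0\0\x01"), (USER_NAME, b"alice"), (ACCT_SESSION, b"S1")])
SAMPLE_INTERIM = build_sample([(ACCT_STATUS, b"\0\0\0\x03"), (USER_NAME, b"alice"),
                               (FRAMED_IP, socket.inet_aton("10.1.2.3")), (ACCT_SESSION, b"S1")])
```

Feed it the UDP payloads from a capture taken on the accounting port (1813 by default) and compare the decoded records against the logins you expected to see.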
New Contributor

Re: Check Point Identity Awareness with Certificate based authentication

Thanks for this info. We did try the IF-MAP to Check Point but no good.

-pat13b

New Contributor

Re: Check Point Identity Awareness with Certificate based authentication

Hi Pat, any updates on this issue...?

New Contributor

Re: Check Point Identity Awareness with Certificate based authentication


AKKO wrote:
Hi Pat, any updates on this issue...?

Hello,
We were supposed to have a fix for this in Dec of 2014. But we heard nothing back from Check Point. It appears, at least from a customer perspective, that Check Point and Aruba don't have a very good working relationship.

It ended up not being a problem anyway because we went away from cert authentication and are now just doing 802.1x. This will grab the workstation identities.

-pat13b

New Contributor

Re: Check Point Identity Awareness with Certificate based authentication

Thanks for replying, Pat.

We've been looking at the following; however, it appears problematic with IAPs / RADIUS when roaming.

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=17063
