New Contributor
Posts: 4
Registered: ‎04-29-2014

Check Point Identity Awareness with Certificate based authentication

Hello,

 

Anyone using Check Point's Identity Awareness with Aruba wireless solution?

 

Check Point can be configured to grab RADIUS accounting or IF-MAP information in order to match up users to AD.

 

I'm the firewall person and really not the wireless person but I think I have my terminology correct. 

We are onboarding using cert-based user authentication against the controller.

 

We were intermittently able to get the controller to send out RADIUS accounting updates but not every time someone logged in.

 

Just wondering if anyone has got this mix in their network?

 

Thanks

-pat13b

Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Check Point Identity Awareness with Certificate based authentication

Do you have interim-accounting enabled?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 4
Registered: ‎04-29-2014

Re: Check Point Identity Awareness with Certificate based authentication

Thanks for the quick reply. Yes, that's enabled.

Is it possible that if you are not using RADIUS authentication for the users, then RADIUS accounting doesn't work?

 

-pat13b

Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Check Point Identity Awareness with Certificate based authentication

Also, the controllers support IF-MAP but I believe the data is formatted for ClearPass. You could try to configure it to point to your Check Point devices. Not sure if it will work but it's worth a shot.

 

(config) #ifmap cppm
(CPPM IF-MAP Profile) # server host <checkpoint-ip> port <port> username <username> passwd <passwd>
(CPPM IF-MAP Profile) # enable

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Check Point Identity Awareness with Certificate based authentication

Correct. RADIUS accounting will only work with 802.1X or MAC-Auth and you must specify a RADIUS accounting server-group in your AAA profile.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
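
Added example, not part of the original thread and not Aruba or Check Point code: a generic sketch of what a RADIUS accounting consumer has to do with each Accounting-Request before it can tie a user to an IP address. It verifies the RFC 2866 Request Authenticator against the shared secret, then reads User-Name, Framed-IP-Address and Acct-Status-Type. The shared secret, user name, address and helper names are constructed for illustration.

```python
import hashlib, hmac, ipaddress, struct

ACCT_REQUEST = 4  # RADIUS code for Accounting-Request (RFC 2866)
STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}

def build_acct_request(ident, attrs, secret):
    """Build a constructed Accounting-Request (sample input only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(head + bytes(16) + body + secret).digest()
    return head + auth + body

def parse_acct_request(pkt, secret):
    """Return the user/IP mapping carried by the packet, or None if untrusted."""
    if len(pkt) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCT_REQUEST or length < 20 or length > len(pkt):
        return None
    pkt = pkt[:length]
    # Request Authenticator = MD5(header + 16 zero octets + attributes + secret)
    expected = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + secret).digest()
    if not hmac.compare_digest(expected, pkt[4:20]):
        return None  # wrong shared secret or modified packet
    found, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            return None  # malformed attribute
        found[atype] = pkt[pos + 2:pos + alen]
        pos += alen
    status, ip = found.get(40), found.get(8)
    return {
        "user": found.get(1, b"").decode("utf-8", "replace") or None,   # User-Name
        "ip": str(ipaddress.IPv4Address(ip)) if ip and len(ip) == 4 else None,
        "status": STATUS.get(int.from_bytes(status, "big")) if status else None,
    }

SECRET = b"constructed-shared-secret"  # constructed value
SAMPLE = build_acct_request(7, [       # constructed Interim-Update record
    (1, b"jdoe"),
    (8, ipaddress.IPv4Address("10.20.30.40").packed),
    (40, struct.pack("!I", 3)),
], SECRET)
```

A record with no Framed-IP-Address comes back with `ip` set to `None`, so it cannot produce a user-to-IP mapping on its own; a later interim update that carries the address can.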
New Contributor
Posts: 4
Registered: ‎04-29-2014

Re: Check Point Identity Awareness with Certificate based authentication

Thanks for this info. We did try the IF-MAP to Check Point but no good.

 

-pat13b

New Contributor
Posts: 4
Registered: ‎04-29-2015

Re: Check Point Identity Awareness with Certificate based authentication

Hi Pat, Any updates on this issue...?
New Contributor
Posts: 4
Registered: ‎04-29-2014

Re: Check Point Identity Awareness with Certificate based authentication


AKKO wrote:
Hi Pat, Any updates on this issue...?

Hello,
We were supposed to have a fix for this in Dec of 2014, but we heard nothing back from Check Point. It appears, at least from a customer perspective, that Check Point and Aruba don't have a very good working relationship.

It ended up not being a problem anyway because we went away from cert authentication and are now just doing 802.1x.  This will grab the workstation identities.

 

-pat13b

New Contributor
Posts: 4
Registered: ‎04-29-2015

Re: Check Point Identity Awareness with Certificate based authentication

Thanks for replying Pat.

 

We've been looking at the following; however, it appears problematic with IAPs / RADIUS when roaming.

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=17063
