I was wondering if anyone has tried to set up any context server integration with CPPM and Checkpoint firewalls.
Our end goal is to enable Checkpoint to apply different firewall policies to different roles of guest. What we would like to do is to write rules in Checkpoint based on user roles defined in Clearpass and Aruba, and have Checkpoint apply different rules based on these roles.
Does anyone have any documentation of having CPPM talk to Checkpoint to pass user/group/role information, and then how this can be processed inside Checkpoint? I believe I heard from someone in the past that this might be possible using the Generic HTTP context server in 6.5, but I can't find much information about how this works.
I guess my confusion is that Checkpoint will not understand a random username. For example, if we have an anonymous guest with user '883883', how is that handled in Checkpoint?
I get that for AD users this makes sense as Checkpoint can be aware of domain users, and when it gets passed a username it can find this user in AD, and then apply rules based on AD Groups.
However, for a guest user, if we just pass the guest username, how will Checkpoint know if it's a Guest or a contractor? Looking in Clearpass the actions for the Checkpoint is:
Could we change it up so that it says something like:
Would this pass the TIPS role as the username? Then we could fake it by creating users in AD with the username set to our Clearpass roles? Then Checkpoint could look up these 'users' and find a group. We could then write rules in Checkpoint with these groups?
I guess my confusion lies in how Checkpoint uses this information, and what the best information would be to pass for guest users?
I'll hopefully have the CheckPoint TechNote released early next week....
The context server actions in 6.5 will not help you currently.... they are in there for a release of FW-1 that is not FCS yet.
Thanks for the quick reply Danny. I look forward to checking out the TechNote when it's available.
CheckPoint Integration TechNote 1.2
Check here for all the latest technotes