Identity Collector - Working with a Cisco Identity Services Engine (ISE) Server
You can configure Identity Collector (a Check Point dedicated client agent installed on Windows Servers in your network; it collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways for identity enforcement; you can download the Identity Collector package from the Support Center) to take identity information from Cisco ISE servers over Platform Exchange Grid (pxGrid) and send it to Identity Servers for identity-based enforcement.
To configure the Identity Collector to work with Cisco ISE:
- In the Identity Collector, add a new Cisco ISE Server as an Identity Source.
  Procedure
  - Open the Identity Collector application.
  - From the left navigation toolbar, click Identity Sources.
  - From the top toolbar, click New Source > Cisco ISE.
  - Enter the ISE Server Name to appear in the Identity Collector.
  - Enter the Server Settings:
    - Primary Node - Enter the resolvable FQDN of the primary pxGrid node (or the standalone node).
    - Secondary Node - Enter the resolvable FQDN of the secondary pxGrid node. Only necessary in a distributed pxGrid environment with more than one pxGrid node.
    - Site - (Optional) Enter a Site name.
    - Certificate File - Select the ISE Server certificate file (in jks format). This file contains the certificates of the primary pxGrid, secondary pxGrid, and MnT nodes. See the Cisco pxGrid documentation for instructions to export Cisco ISE certificates to the jks file.
    - Certificate Key - Enter the key for the ISE Server certificate file.
    - Machine Name - Enter the resolvable FQDN of the Identity Collector client computer. The ISE Server pxGrid client list then shows this FQDN (Administration > pxGrid Services > Client Name), and it must be approved there.
  - Enter the Client Settings:
    - Certificate File - Select the Identity Collector certificate file (in jks format), generated by the ISE Server. See the Cisco pxGrid documentation.
    - Certificate Key - Enter the key for the Identity Collector certificate file.
  - Click OK.
- In the Identity Collector, add a new Query Pool, or edit a current Query Pool.
- In the Identity Collector, add a new Filter for the login events, or edit a current Filter.
- Connect the Identity Collector to the Check Point Identity Server (a Check Point Security Gateway with the Identity Awareness Software Blade enabled). See Identity Collector - Connecting to an Identity Awareness Gateway.
Parsing Events with "Postured" Status as Login Events
By default, Identity Collector does not parse Cisco ISE events with "Postured" status as login events in Cisco PxGrid 2.0. To configure Identity Collector to parse such events, set values of Windows Registry parameters on the server where Identity Collector is installed. This feature is available starting from Identity Collector version 82.120.0000.
Prerequisites
- The "state" of the Cisco ISE event must be "Postured".
- The Cisco ISE event must include a "postureStatus" with one of these values:
  - Compliant
  - Pending
  - NonCompliant
  - Unknown
Example Event
This is an example of a "Postured" Cisco ISE event that Identity Collector can parse.
{
"sessions": [
{
...
"state": "POSTURED",
"userName": "USER",
"ipAddresses": [
"1.2.3.4"
],
...
"postureStatus": "Compliant",
...
}
],
...
}
To configure Identity Collector to parse events with "Postured" status:
- On the Windows server where Identity Collector is installed, stop the Identity Collector service.
- In the Windows registry, go to "HKLM\SOFTWARE\WOW6432Node\CheckPoint\IdentityCollector\".
- Set the value of the "EnableIsePosturedEvents" registry key to 1.
- Set the value of the "AcceptablePostureEvents" registry key to one or more posture statuses for Identity Collector to parse as login events. Put a semicolon between the names of the posture statuses. For example:
  Compliant;Pending;NonCompliant;Unknown
- Start the Identity Collector service.
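The following Python is an added illustration, not Identity Collector code, of how the prerequisites and the two registry values above combine to decide which sessions in a pxGrid 2.0 payload are treated as login events. The real product reads EnableIsePosturedEvents and AcceptablePostureEvents from the registry; here they are passed in as plain function arguments. The sample payload is constructed from the example event above (with extra sessions added to show the rejected cases); the case-insensitive comparison of state and the tolerance for whitespace around the semicolon-separated names are assumptions, not documented behaviour.

```python
"""Model of the Identity Collector "Postured" login-event rule (added example,
not product code). Registry values are supplied as function arguments."""
import json

# Constructed sample payload, shaped like the documented "Postured" event.
# The second, third and fourth sessions are added to exercise the rule.
SAMPLE_PAYLOAD = json.dumps({
    "sessions": [
        {"state": "POSTURED", "userName": "USER",
         "ipAddresses": ["1.2.3.4"], "postureStatus": "Compliant"},
        {"state": "POSTURED", "userName": "PENDING_USER",
         "ipAddresses": ["10.0.0.7"], "postureStatus": "Pending"},
        # Postured but without a postureStatus: fails the second prerequisite.
        {"state": "POSTURED", "userName": "NO_STATUS_USER",
         "ipAddresses": ["10.0.0.8"]},
        # Not in Postured state: outside the scope of this rule entirely.
        {"state": "AUTHENTICATED", "userName": "AUTH_USER",
         "ipAddresses": ["10.0.0.9"], "postureStatus": "Compliant"},
    ]
})


def parse_acceptable(value):
    """Split an AcceptablePostureEvents string such as
    "Compliant;Pending;NonCompliant;Unknown" into a set of status names.
    Stripping whitespace and ignoring empty entries is an assumption."""
    return {name.strip() for name in value.split(";") if name.strip()}


def postured_login_events(payload, enable_postured, acceptable_posture_events):
    """Return (userName, ip) pairs that the documented rule would accept as
    login events: the feature must be enabled (registry value 1), the session
    state must be POSTURED, and postureStatus must be one of the configured
    names. Sessions in any other state are not handled by this function."""
    if enable_postured != 1:
        return []
    acceptable = parse_acceptable(acceptable_posture_events)
    events = []
    for session in json.loads(payload).get("sessions", []):
        # Case-insensitive match is an assumption; the page shows "POSTURED".
        if str(session.get("state", "")).upper() != "POSTURED":
            continue
        if session.get("postureStatus") not in acceptable:
            continue
        for ip in session.get("ipAddresses", []):
            events.append((session["userName"], ip))
    return events


if __name__ == "__main__":
    # Feature disabled: nothing is accepted regardless of the status list.
    print(postured_login_events(SAMPLE_PAYLOAD, 0, "Compliant"))
    # Only Compliant accepted.
    print(postured_login_events(SAMPLE_PAYLOAD, 1, "Compliant"))
    # The full example list from the documentation.
    print(postured_login_events(
        SAMPLE_PAYLOAD, 1, "Compliant;Pending;NonCompliant;Unknown"))
```

Narrowing AcceptablePostureEvents to Compliant alone means a device whose posture is still Pending or NonCompliant gets no identity mapping from this rule, which is the conservative choice when the identity is used for access enforcement; listing all four values reproduces the documented example and maps users as soon as a posture result of any kind is reported.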