Identity Collector - Working with a Cisco Identity Services Engine (ISE) Server
You can configure Identity Collector to take identity information from Cisco ISE servers over Platform Exchange Grid (PXGrid) and send it to an Identity Awareness Gateway for identity-based enforcement.
Identity Collector is a Check Point dedicated client agent installed on Windows Servers in your network. It collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312.
Identity Awareness (acronym: IDA) is a Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer.
To configure the Identity Collector to work with Cisco ISE:
- In the Identity Collector, add a new Cisco ISE Server as an Identity Source.
  Procedure:
  - Open the Identity Collector application.
  - From the left navigation toolbar, click Identity Sources.
  - From the top toolbar, click New Source > Cisco ISE.
  - Enter the ISE Server Name to appear in the Identity Collector.
  - Enter the Server Settings:
    - Primary Node - Enter the resolvable FQDN of the primary pxGrid node (or the standalone node).
    - Secondary Node - Enter the resolvable FQDN of the secondary pxGrid node. Only necessary in a distributed pxGrid environment with more than one pxGrid node.
    - Site - (Optional) Enter a Site name.
    - Certificate File - Select the ISE Server certificate file (in jks format). This file contains certificates of primary PxGrid, secondary PxGrid, and MnT nodes. See Cisco pxGrid documentation for instructions to export Cisco ISE certificates to the jks file.
    - Certificate Key - Enter the key for the ISE Server certificate file.
    - Machine Name - Enter the resolvable FQDN of the Identity Collector client computer. The ISE Server pxGrid client list then shows this FQDN (Administration > pxGrid Services > Client Name), and it must be approved.
  - Enter the Client Settings:
    - Certificate File - Select the Identity Collector certificate file (in jks format), generated by the ISE Server. See the Cisco pxGrid documentation.
    - Certificate Key - Enter the key for the Identity Collector certificate file.
  - Click OK.
- In the Identity Collector, add a new Query Pool, or edit a current Query Pool.
- In the Identity Collector, add a new Filter for the login events, or edit a current Filter.
- Connect the Identity Collector to the Check Point Identity Server (Identity Awareness Gateway), that is, a Check Point Security Gateway with the Identity Awareness Software Blade enabled.
See Identity Collector - Connecting to an Identity Awareness Gateway.
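
A pre-flight check for the Server Settings described above, as an added example (not Check Point or Cisco code): it confirms that the ISE Server jks file lists a certificate for each pxGrid and MnT node, and that the FQDNs you plan to enter resolve. It assumes each node certificate's subject CN equals the node's FQDN and that the text passed in is the output of `keytool -list -v -keystore <file>`; the host names and the sample output are constructed.

```python
import re
import socket

# Constructed, trimmed sample of `keytool -list -v` output for the ISE Server
# jks file. Hosts under example.com are hypothetical, not from a deployment.
SAMPLE_KEYTOOL_OUTPUT = """\
Keystore type: JKS

Your keystore contains 2 entries

Alias name: pxgrid1
Entry type: trustedCertEntry
Owner: CN=pxgrid1.example.com, OU=IT, O=Example

Alias name: mnt1
Entry type: trustedCertEntry
Owner: CN=mnt1.example.com, OU=IT, O=Example
"""

# Subject line of each entry; "." does not cross newlines, so Issuer is ignored.
OWNER_CN = re.compile(r"^Owner:.*?\bCN=([^,\n]+)", re.MULTILINE | re.IGNORECASE)


def keystore_subject_cns(keytool_output):
    """Return the lower-cased subject CNs listed in `keytool -list -v` output."""
    return {cn.strip().lower() for cn in OWNER_CN.findall(keytool_output)}


def missing_node_certs(keytool_output, node_fqdns):
    """Nodes (primary pxGrid, secondary pxGrid, MnT) with no certificate in the jks."""
    present = keystore_subject_cns(keytool_output)
    return [n for n in node_fqdns if n.lower() not in present]


def unresolvable(fqdns):
    """FQDNs the local resolver cannot resolve; run on the Identity Collector host."""
    failed = []
    for name in fqdns:
        try:
            socket.getaddrinfo(name, None)
        except socket.gaierror:
            failed.append(name)
    return failed


if __name__ == "__main__":
    nodes = ["pxgrid1.example.com", "pxgrid2.example.com", "mnt1.example.com"]
    print("missing from jks:", missing_node_certs(SAMPLE_KEYTOOL_OUTPUT, nodes))
    print("unresolvable:", unresolvable(nodes))
```

A node reported as missing means the jks export did not include that node's certificate; fix the export before entering the file in the Identity Collector.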