The CloudGuard Controller integrates Cisco ISE with Check Point security. It allows the use of TrustSec Security Groups in the security policy according to the static IP-to-SGT mappings in ISE. The ISE server is represented as a Data Center server in Check Point. The controller connects to the ISE administration nodes and automatically retrieves the Security Groups (SGs). For redundancy, you can provide both a primary and a secondary ISE administration node.
The ISE External RESTful Services (ERS) API enables communication with ISE.
Prerequisites:
Step | Description
---|---
1 | In SmartConsole, create a new Data Center object in one of these ways:
2 | In the Enter Object Name field, enter the desired name.
3 | In the Hostname(s) field, add the IP address or hostname of your ISE administration nodes.
4 | In the Username field, enter the username of your ISE administrator with the necessary credentials.
5 | In the Password field, enter your ISE administrator password.
6 | Click Test Connection.
7 | Click OK.
8 | Publish the session.
Object | Description
---|---
Security Groups | Groups of users, endpoints, and resources that share access control policies. You define the Security Groups in Cisco ISE.
If communication with the provided ISE administration nodes fails, CloudGuard Controller enters recovery mode. In recovery mode it automatically attempts to re-establish the connection with the administration nodes, trying them in the order in which they were entered.
Important - Make sure that the secondary node is properly synchronized with the primary node. Otherwise, the IP-to-SGT data may not be up to date.
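The following Python script is an added example, not Check Point's or Cisco's code, illustrating three points from this page together: querying ISE through the ERS API, failing over from the primary to the secondary administration node in the order given, and checking that the nodes return the same static IP-to-SGT mapping set before trusting the secondary. The ERS port (9060), the `/ers/config/sgt` and `/ers/config/sgmapping` resource paths, and the `SearchResult`/`resources` list shape are taken from Cisco's ERS documentation as understood by the author of this example; the hostnames, credentials and JSON bodies are constructed sample data. The real HTTPS fetcher verifies the ISE certificate against a CA bundle you supply.

```python
"""ISE ERS client with ordered node failover and a primary/secondary sync check."""
import base64
import json
import ssl
import urllib.request
from typing import Callable, Dict, List, Optional, Sequence, Set, Tuple

# Assumed from Cisco ERS documentation: ERS listens on TCP 9060 and exposes
# TrustSec SGTs and static IP-to-SGT mappings under these resource paths.
ERS_PORT = 9060
SGT_PATH = "/ers/config/sgt"
SGMAPPING_PATH = "/ers/config/sgmapping"

# A fetcher maps a URL to the response body text; it raises OSError on failure.
Fetcher = Callable[[str], str]


def ers_url(node: str, path: str) -> str:
    return f"https://{node}:{ERS_PORT}{path}"


def make_basic_auth_fetcher(username: str, password: str,
                            cafile: Optional[str] = None,
                            timeout: float = 10.0) -> Fetcher:
    """Real HTTPS fetcher: HTTP Basic auth, JSON Accept header, verified TLS."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    ctx = ssl.create_default_context(cafile=cafile)  # verify the ISE certificate

    def fetch(url: str) -> str:
        req = urllib.request.Request(url, headers={
            "Accept": "application/json",
            "Authorization": f"Basic {token}",
        })
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.read().decode()
    return fetch


def fetch_with_failover(nodes: Sequence[str], path: str,
                        fetcher: Fetcher) -> Tuple[str, dict]:
    """Try the administration nodes in the order given; return (node, parsed body).

    Raises ConnectionError when every node fails, which is the condition under
    which the controller would sit in recovery mode and keep retrying."""
    failures: List[str] = []
    for node in nodes:
        try:
            return node, json.loads(fetcher(ers_url(node, path)))
        except (OSError, ValueError) as exc:
            failures.append(f"{node}: {exc}")
    raise ConnectionError("all ISE nodes unreachable: " + "; ".join(failures))


def resource_names(body: dict) -> List[str]:
    """Sorted 'name' fields from an ERS list response (SearchResult/resources)."""
    return sorted(r["name"] for r in body["SearchResult"]["resources"])


def nodes_in_sync(nodes: Sequence[str], path: str,
                  fetcher: Fetcher) -> Tuple[bool, Dict[str, Set[str]]]:
    """Fetch the resource list from each node separately (no failover) and
    report whether all reachable nodes agree; a stale secondary shows up here."""
    per_node: Dict[str, Set[str]] = {}
    for node in nodes:
        try:
            per_node[node] = set(resource_names(json.loads(fetcher(ers_url(node, path)))))
        except (OSError, ValueError):
            continue  # unreachable node: cannot be compared
    views = list(per_node.values())
    return all(v == views[0] for v in views), per_node


# ---- constructed sample data (not real ISE output) -------------------------
PRIMARY = "ise-pan1.example.invalid"
SECONDARY = "ise-pan2.example.invalid"
_SGT_BODY = json.dumps({"SearchResult": {"total": 2, "resources": [
    {"id": "sgt-1", "name": "Employees"}, {"id": "sgt-2", "name": "Contractors"}]}})
_MAP_PRIMARY = json.dumps({"SearchResult": {"total": 2, "resources": [
    {"id": "m-1", "name": "10.1.1.10/32"}, {"id": "m-2", "name": "10.1.1.20/32"}]}})
_MAP_SECONDARY_STALE = json.dumps({"SearchResult": {"total": 1, "resources": [
    {"id": "m-1", "name": "10.1.1.10/32"}]}})  # secondary missing one mapping


def sample_fetcher(primary_down: bool) -> Fetcher:
    """In-memory fetcher standing in for the two ISE nodes."""
    table = {
        ers_url(PRIMARY, SGT_PATH): _SGT_BODY,
        ers_url(SECONDARY, SGT_PATH): _SGT_BODY,
        ers_url(PRIMARY, SGMAPPING_PATH): _MAP_PRIMARY,
        ers_url(SECONDARY, SGMAPPING_PATH): _MAP_SECONDARY_STALE,
    }

    def fetch(url: str) -> str:
        if primary_down and url.startswith(f"https://{PRIMARY}:"):
            raise OSError("connection refused")
        return table[url]
    return fetch


if __name__ == "__main__":
    node, body = fetch_with_failover([PRIMARY, SECONDARY], SGT_PATH, sample_fetcher(True))
    print(f"SGTs from {node}: {resource_names(body)}")
    ok, views = nodes_in_sync([PRIMARY, SECONDARY], SGMAPPING_PATH, sample_fetcher(False))
    print("mappings in sync:", ok, views)
```

Against a live deployment, replace `sample_fetcher` with `make_basic_auth_fetcher(user, password, cafile="/path/to/ise-ca.pem")` and pass the nodes in the same order you entered them in the Hostname(s) field; a `False` from `nodes_in_sync` on `SGMAPPING_PATH` is the condition the Important note warns about.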