Extreme Management to Checkpoint Firewall Integrations

  • Question
  • Updated 2 months ago
  • Answered
I was wondering if anyone was pulling user data from Extreme Management (NAC) into a Checkpoint appliance to map IPs to users, and if so, how people were doing it. Also, are there any other integrations between the two systems?

Matthew Perry

Posted 2 years ago

Pala, Zdenek, Employee

Hi.

AFAIK the integration between Extreme Control and CheckPoint is very new. It does exactly what you mentioned => update IP-UserID mapping in CheckPoint.

The opposite integration is generic and should also work = if CheckPoint (anything) sends a syslog message in the specific/configured format to the EMC, then the end system can be blacklisted => quarantined.

Please contact your local Extreme SE = You can get it from the SAI team then.

Regards

Z.
Matthew Perry

Thanks,  I'll poke my SE.
Ty Kolff

I just set this up with a local Checkpoint SE last week. We set up the Checkpoint as a RADIUS server and sent accounting logs to the Checkpoint box, and it was then able to tie into Active Directory and pull the user accounts mapped to an IP address.

This was for a customer that was using 802.1x authentication.
Antonio Opromolla

Hi all,
I'm trying to do a distributed IPS with Extreme Connect module (I'm using EMC version 7.1.1.9 and connect module version 3.02-3) and a Check Point R80.10 firewall.
I've defined the module as in the screenshot below:


The Check Point Threat Prevention rule has an SNMP trap as its alert action, as below:


The Check Point log is



and on EMC I receive an SNMP v1 trap as follows:


But this trap is not received by the Connect module specific to the Distributed IPS integration...
Has anyone got a working scenario with Check Point and the Connect module?

Regards.
Antonio
Antonio Opromolla

I forgot one screenshot of the SNMP trap received
 
Antonio Opromolla

Hi, no one has tried this integration?
Pala, Zdenek, Employee

Hi,

Distributed IPS is working. A video is now available on GitHub. A how-to for configuring it will follow soon.

Pala, Zdenek, Employee

Hi.
The integration is ready and here is a video of how it works.

Enjoy.
Pala, Zdenek, Employee

Documentation of the integration between Extreme Management and Check Point firewall is available here.
mp2014

Hi,
Nice to see that you did an Infoblox IPAM integration script too! I'll try this soon.
mp2014

For the Infoblox integration - nice work! That was what I was looking for :-)
One question about this: if I don't want the comment field to get updated (replacing data with "XMC Updated"), what needs to be changed in the Python code?
mp2014

Got it, just missed the right syntax.