Extreme Management to Checkpoint Firewall Integrations

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
I was wondering if anyone was pulling user data from Extreme Management(NAC) into a Checkpoint appliance to Map IP to Users.  Any if so how people were doing it.  Also if there are any other integrations between the to systems?
Photo of Matthew Perry

Matthew Perry

  • 320 Points 250 badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Pala, Zdenek

Pala, Zdenek, Employee

  • 9,038 Points 5k badge 2x thumb
Hi.

AFAIK the integration between Extreme Control and CheckPoint is very new. It does exactly what you mentioned => update IP-UserID mapping in CheckPoint.

The opposite integration is generic and should work also = if CheckPoint (anything) send the syslog with specific/configured format to the EMC then endsystem can be blacklisted => quarantined.

Please contact your local Extreme SE = You can get it from the SAI team then.

Regards

Z.
Photo of Matthew Perry

Matthew Perry

  • 320 Points 250 badge 2x thumb
Thanks,  I'll poke my SE.
Photo of Ty Kolff

Ty Kolff

  • 1,098 Points 1k badge 2x thumb
I just set this up with a local Checkpoint SE last week.  We setup the Checkpoint as a radius server and sent accounting logs to the Checkpoint box and it was then able to tie into Active Directory and pull the user accounts mapped to an IP address.  

This was for a customer that was using 802.1x authentication.
Photo of Antonio Opromolla

Antonio Opromolla

  • 2,126 Points 2k badge 2x thumb
Hi all,
I'm trying to do a distributed IPS with Extreme Connect module (I'm using EMC version 7.1.1.9 and connect module version 3.02-3) and a Check Point R80.10 firewall.
I've defined the module as below screenshot


The Check Point Threat prevention rule has got a SNMP trap as alert action as below


The Check Point log is



and on EMC I receive a snmp v1 trap as follow:


But is trap is not received by the Connect module specific for the Distributed IPS integration...
Has got someone a working scenario with Check Point and the Connect module?

Regards.
Antonio
Photo of Antonio Opromolla

Antonio Opromolla

  • 2,126 Points 2k badge 2x thumb
I've forget one screenshot of the snmp trap received
 
Photo of Antonio Opromolla

Antonio Opromolla

  • 2,126 Points 2k badge 2x thumb
Hi, no one has tried this integration?