Identity Awareness enhancements for R77.30 - Giraffe Hotfix
The Identity Awareness enhancements for R77.30 feature pack Hotfix (also known as Giraffe) is a Security Gateway Hotfix that provides new features for R77.30 Identity Awareness:
- Large Scale support and optimization
- Web API
- Identity Collector
- Kernel table export
- Identity Agent automatic reconnect to a higher-priority gateway
- General bug fixes and enhancements
There are 2 versions of the Giraffe Hotfix:
- Giraffe_v2: Compatible with R77.30 GA, and also on top of Jumbo Hotfix up to and including Take_226.
- Giraffe_v3: Compatible with R77.30 with Jumbo Hotfix Take_266 and higher. Installation of Jumbo Hotfix Take_266 or higher is a requirement for Giraffe_v3.
The Giraffe Hotfix has been part of the R77.30 Jumbo Hotfix Accumulator since Take_308 (sk106162).
Large scale support and optimization:
Previously, the Identity Awareness Blade supported up to 30,000 identities per Security Gateway. In R80.10, that number was increased to 200,000. The large-scale support brings the same scale optimization to the R77.30 Security Gateway.
Identity Awareness Web-API:
The web API identity source provides a flexible method for the creation of identities based on environment needs.
With the Identity Awareness web API, you can create and revoke identities, and query the Identity Awareness Software Blade regarding users, IPs, and computers.
The web API uses the REST protocol over SSL. The Security Gateway authenticates and authorizes users and computers with the information it gets from the web API.
The Identity Awareness web API receives JSON requests over HTTPS, and each HTTP request contains either one Identity Awareness web API command or a bulk of commands.
Each API command must include a shared secret pre-configured in SmartConsole.
The Identity Awareness web API supports 3 commands:
- add-identity - Associates an IP address with a user or a computer for a specified amount of time.
- delete-identity - Revokes sessions that match one IP address or an IP range.
- show-identity - Queries the identities related to an IP address, and other information the Identity Awareness blade saves about this IP.
Current vendor integrations include Aruba ClearPass, ForeScout CounterACT, Pulse Secure and more.
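The following added example (not part of the original article and not Check Point code) builds a single or bulk add-identity request, validates the IP address before it is bound to a user, and masks the shared secret in anything that is logged. The gateway host is a placeholder; the `/_IA_API/v1.0/` path and the `shared-secret`, `ip-address`, `user`, `session-timeout` and `requests` field names are assumptions taken from Check Point's Identity Awareness API reference, not from this page, and should be checked against the administration guide for the installed version.

```python
import ipaddress
import json
import ssl
import urllib.request

# Assumptions: the gateway host is a placeholder; the /_IA_API/v1.0/ path and
# the JSON field names follow Check Point's API reference, not this page.
GATEWAY = "https://gateway.example"
COMMANDS = {"add-identity", "delete-identity", "show-identity"}

def add_identity(ip, user, timeout=300):
    """One add-identity command: bind a user to an IP for `timeout` seconds."""
    ip = ipaddress.ip_address(ip)          # reject malformed addresses early
    if ip.is_unspecified or ip.is_loopback or ip.is_multicast:
        raise ValueError(f"refusing to bind an identity to {ip}")
    if not user or timeout <= 0:
        raise ValueError("user and a positive timeout are required")
    return {"ip-address": str(ip), "user": user, "session-timeout": timeout}

def build_request(command, secret, items):
    """Wrap one command, or a bulk of them, into an HTTPS POST request."""
    if command not in COMMANDS:
        raise ValueError(f"unknown command: {command}")
    body = dict(items[0]) if len(items) == 1 else {"requests": list(items)}
    body["shared-secret"] = secret         # required on every API call
    return urllib.request.Request(
        f"{GATEWAY}/_IA_API/v1.0/{command}",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def redacted(req):
    """Request body that is safe to log: the shared secret is masked."""
    body = json.loads(req.data)
    body["shared-secret"] = "***"
    return json.dumps(body, sort_keys=True)

def send(req):
    """POST with certificate and hostname verification left enabled."""
    ctx = ssl.create_default_context()
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.loads(resp.read())

if __name__ == "__main__":
    # Constructed sample identities (documentation address range).
    batch = [add_identity("192.0.2.10", "alice"), add_identity("192.0.2.11", "bob", 600)]
    print(redacted(build_request("add-identity", "constructed-secret", batch)))
```

Because the shared secret travels in every request body, it should be loaded from a protected store at run time, and only the output of `redacted()` should reach log files.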
Identity Collector:
Check Point Identity Collector is a Windows-based application which collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement.
The identities are collected from the following servers:
- Microsoft Active Directory Domain Controllers: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows 2016 (2016 is supported only from R80.10).
- Cisco Identity Services Engine (ISE) Servers, versions 2.0, 2.1 and 2.2.
For more details, refer to sk108235.
Kernel tables export:
A new command exports the IDA kernel tables into CSV files for further analysis by TAC.
To export all relevant tables (-a) and zip them (-z), execute:
# ida_tables_util -a -z