Identity Agent for a Terminal Server - User Interface

The "Advanced" Page

In the Identity Agent main window, click the Advanced page > in the Troubleshooting section, click Change settings.

Advanced users can change these settings when necessary.

Best Practice - If you are not an advanced user, we recommend that you keep the default values.

Changes are applied to new users that log in to the application server after the Identity Agent saves the settings. Users that are logged in keep their current settings.

For Identity Agent Version 1 (MUH v1):

| Advanced Setting | Description |
|---|---|
| Excluded TCP Ports | Ports included in this range do not get assigned to any user for TCP traffic. This field accepts a port range or list of ranges (separated with a semicolon). |
| Excluded UDP Ports | Ports included in this range do not get assigned to any user for UDP traffic. This field accepts a port range or list of ranges (separated with a semicolon). |
| Maximum Ports Per User | The maximum number of ports that can be assigned to a user in each of the TCP and UDP port ranges. |
| Ports Reuse Timeout (seconds) | The number of seconds the system waits until it assigns a port to a new user after it has been released by another user. |
| Errors History Size | The number of errors to keep in the history. |

For Identity Agent Version 1 (MUH v1) and Identity Agent Version 2 (MUH v2):

| Advanced Setting | Description |
|---|---|
| Gateway Shared Secret | This field is available only in Identity Agent Version 2 (MUH2). The same password that is set on the Identity Awareness Gateway. It enables a trusted connection between the Identity Awareness Gateway and the application server. |

Important - Identity Agent Version 2 (MUH2) is supported in:

The "Users" Page

The Users page in the main window shows a table with information about all users that are actively connected to the application server that hosts the Terminal/Citrix services.

For Identity Agent Version 1 (MUH v1):

The ID and User field information is automatically updated from processes running on the application server.

| Table Field | Description |
|---|---|
| ID | The SID of the user. |
| User | The user and domain name. The format used: <domain>\<user> |
| TCP Ports | The ports allocated to the user for TCP traffic. |
| UDP Ports | The ports allocated to the user for UDP traffic. |
| Authentication Status | Indicates whether this user is authenticated on the Identity Awareness Gateway. |

The Identity Agent assigns TCP and UDP port ranges for each connected user.
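
The following is an added example (not Check Point code) that shows how the MUH v1 advanced settings and the Users table fit together when you attribute a logged source port from the application server to a user, and when you audit a Users-page snapshot against the configured limits. The `lo-hi` range syntax, the function names, and the sample users and ports are assumptions constructed for illustration; the page itself only states that ranges are separated with a semicolon.

```python
"""Added example: attribute a source port to a user from a Users-page snapshot."""

def parse_ranges(field):
    """Parse 'lo-hi;lo-hi' (or single ports) into sorted (lo, hi) tuples.
    The 'lo-hi' syntax is an assumption; the page only states the ';' separator."""
    ranges = []
    for part in filter(None, (p.strip() for p in field.split(";"))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"invalid port range: {part!r}")
        ranges.append((lo, hi))
    return sorted(ranges)

def contains(ranges, port):
    return any(lo <= port <= hi for lo, hi in ranges)

def attribute(port, users, excluded):
    """Return the <domain>\\<user> that owns `port`, or the reason it has no owner."""
    if contains(excluded, port):
        return "excluded"      # excluded ports are never assigned to a user
    owners = [u["user"] for u in users if contains(u["tcp"], port)]
    if len(owners) > 1:
        return "ambiguous"     # two users must never share a port
    return owners[0] if owners else "unassigned"

def audit(users, excluded, max_ports):
    """Flag users over Maximum Ports Per User or overlapping the excluded ranges."""
    findings = []
    for u in users:
        count = sum(hi - lo + 1 for lo, hi in u["tcp"])
        if count > max_ports:
            findings.append(f"{u['user']}: {count} ports > max {max_ports}")
        if any(lo <= ehi and elo <= hi for lo, hi in u["tcp"] for elo, ehi in excluded):
            findings.append(f"{u['user']}: allocation overlaps excluded ports")
    return findings

# Constructed sample data (not taken from a real server).
EXCLUDED_TCP = parse_ranges("3389; 5000-5010")
USERS = [
    {"user": r"CORP\alice", "tcp": parse_ranges("10000-10199")},
    {"user": r"CORP\bob", "tcp": parse_ranges("10200-10399;5005-5006")},
]

if __name__ == "__main__":
    for p in (10050, 3389, 5005, 20000):
        print(p, "->", attribute(p, USERS, EXCLUDED_TCP))
    print(audit(USERS, EXCLUDED_TCP, max_ports=200))
```
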

For Identity Agent Version 2 (MUH v2):

The ID and User field information is automatically updated from the login and logout events.

| Table Field | Description |
|---|---|
| ID | The SID of the user. |
| User | The user and domain name. The format used: <domain>\<user> |
| ID Range | The IDs allocated to the users. |
| Authentication Status | Indicates whether this user is authenticated on the Identity Awareness Gateway. |

The Identity Agent dynamically assigns an ID to each connected user from the range of IDs.

Important - Supported in: