Identity Agent for a Terminal Server - Login Tracking

A computer with Identity AgentClosed Check Point dedicated client agent installed on Windows-based user endpoint computers. This Identity Agent acquires and reports identities to the Check Point Identity Awareness Security Gateway. The administrator configures the Identity Agents (not the end users). There are two types of Identity Agents - Full and Light. You can download the Full and Light Identity Agent package from the Captive Portal - 'https://<Gateway_IP_Address>/connect' or from Support Center. (MUH Agent) installed tracks user logins during a one-hour period. You can change this timeout period.

Note - The interval configured in this procedure applies to the Identity CollectorClosed Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways for identity enforcement, you can download the Identity Collector package from the Support Center. Service AccountClosed In Microsoft® Active Directory, a user account created explicitly to provide a security context for services running on Microsoft® Windows® Server. Exclusion feature on Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateways that support this feature. Starting from R80.40, you can configure Service Account Exclusion on an Identity Awareness Gateway. For more information, seeIdentity Collector - Service Account Exclusion

To change the detection interval for Identity Agent (MUH) Login Tracking

  1. Connect to the command line on the Identity Awareness Gateway/ each Cluster MemberClosed Security Gateway that is part of a cluster..

  2. Log in to the Expert mode.

  3. Back up the current $FWDIR/conf/pdp_overriding_attrs.C file, if it exists:

    cp -v $FWDIR/conf/pdp_overriding_attrs.C{,_BKP}

  4. Edit the current $FWDIR/conf/pdp_overriding_attrs.C file:

    vi $FWDIR/conf/pdp_overriding_attrs.C

  5. Configure the applicable value for the idc_muh_interval attribute:

    (
    :idc_muh_serviceaccount_interval (<NUMBER OF SECONDS>)
)

    The default value is 3600 seconds.

    The acceptable values are from 1 to 86400 seconds.

  6. Save the changes in the file and exit the editor.

  7. In SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., install the Access Control Policy on the Identity Awareness Gateway/ ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing..