Identity Agent for a Terminal Server - Monitoring

Identity AgentClosed Check Point dedicated client agent installed on Windows-based user endpoint computers. This Identity Agent acquires and reports identities to the Check Point Identity Awareness Security Gateway. The administrator configures the Identity Agents (not the end users). There are two types of Identity Agents - Full and Light. You can download the Full and Light Identity Agent package from the Captive Portal - 'https://<Gateway_IP_Address>/connect' or from Support Center. for a Terminal Server sends monitoring information to the Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway.

Monitoring information includes:

  • IP address

  • Terminal Server version

  • Next keep-alive message

  • Number of connected users

  • Number of assigned port ranges (Identity Agent for a Terminal Server Version 1 (MUH v1)

Monitoring is disabled by default. After you enable monitoring, by default Identity Agent sends logs at an interval of 15 seconds.

To enable monitoring of Identity Agent for a Terminal Server:

  1. In the Registry Editor, go to the relevant Check Point key:

    • Location of the registry key on 64-bit Terminal Servers:

      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\IA\

    • Location of the registry key on 32-bit Terminal Servers:

      HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\IA\

  2. If the key MUHMonitoringEnabled does not exist, create it as DWORD.

  3. To enable the monitoring, configure the value 1 (one).

    To disable the monitoring later, configure the value 0 (zero).

  4. Close the Registry Editor.

  5. Do one of these:

    • Reboot the Terminal Server.

    • Restart the Check Point Managed Asset Detection service.

To view logs on the Identity Awareness Gateway:

  • Use SNMP

    The file $FWDIR/conf/identity_server.cps file contains the applicable SNMP Object Identifiers (OIDs).

  • Use these CLI commands:

    • The cpstat command:

      cpstat identityServer -f muh

    • The pdp command (available from R80.30):

      pdp muh status