Identity Collector - Advanced Configuration
- In the Identity Collector client, from the left navigation toolbar, click Settings. (Identity Collector: Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways for identity enforcement. You can download the Identity Collector package from the Support Center.)
- Configure the advanced setting.
| Category | Setting | Description |
|---|---|---|
| Activity Log | | Logs the date and time of activities done in the Identity Collector. This log is cleared every time the Identity Collector GUI restarts. |
| Settings > Identity Reporting | Association time-to-live | How long this association stays on the PDP Identity Awareness Gateway. The default is 720 minutes (12 hours). (PDP: Check Point Identity Awareness Security Gateway that acts as Policy Decision Point: acquires identities from identity sources; shares identities with other gateways. Identity Awareness: Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA.) |
| Settings > Identity Reporting | Cache time-to-live | The cache saves associations (username-to-IP address) that the Identity Collector creates for a specified time. If the event occurs again during that time, the Identity Collector does not send the event to the Identity Awareness Gateway again. The default is 300 seconds (5 minutes). |
| Settings > Identity Reporting | Ignore machine identities | If you select this option, the Identity Collector sends user associations and does not send computer associations. By default, this option is cleared. |
| Settings > Identity Reporting | Ignore RDP events | During Remote Desktop login, two login events occur in the Domain Controller. The two login events have the same username but two different IP addresses: the computer where the user logs in and the computer that the user accesses remotely. With this option, the Identity Collector ignores the IP address of the computer where the user logs in because it is redundant. This is the default option. The Event ID of the ignored event is 4624. The Type of the ignored event is 10. |
| Settings > Identity Reporting | Clear Cache | Clears all the entries saved in the cache. The Identity Collector creates new cache entries when it receives new associations. |
| Settings > Debugging | | Lets you configure the debug topics and severity of collected internal messages in the Identity Collector. Location of the output files is configured in this file: C:\ProgramData\CheckPoint\IdentityCollector\ServiceDebugPath.cfg. The output files are: {LOCATION}\ia_ag.log, {LOCATION}\ia_idcgui_0.log, {LOCATION}\ia_ag_tracker.log, {LOCATION}\IDCLogs\ia_IDC_xxx.log |
| Settings > ISE Servers | Session Keep-alive | The Identity Collector goes over its internal Cisco ISE sessions database once during the interval time period. If Identity Collector finds expired sessions, it queries the Cisco ISE Server to see if the session is still alive. Then, Identity Collector updates the Identity Awareness Gateway accordingly. This value sets the interval. The default is 1 minute. |
| Settings > eDirectory | LDAP Query Interval | This value sets the frequency for Identity Collector to query eDirectory LDAP servers. The default is 20 seconds. |
| Settings > eDirectory | Initial Fetch Time Frame | This value sets how long Identity Collector waits for eDirectory LDAP servers during initial fetch. The default is 720 minutes (12 hours). |
| Settings > Logins Monitor | Event expiration time | The maximum time that the Logins Monitor Table stores each login record. |
| Settings > Logins Monitor | Cache time-to-live | The maximum time interval between two different login events by the same user or the same computer that are treated as one Logins Monitor record. |
| Settings > Logins Monitor | Auto refresh time | The interval of time for the user interface of the Logins Monitor to refresh its display, when it requests an update of login records. |
| Settings > Logins Monitor | Ignore revoked events | When selected, the Logins Monitor tab stores and shows only the latest login event (both user and computer event) for each IP address. |
| Cloud Settings | Full directory synchronization | Syncs all identities to the cloud. |
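To see how the Identity Reporting settings interact (Cache time-to-live, Ignore machine identities, Ignore RDP events, Clear Cache), the following added example models them over a handful of constructed login events. It is not Check Point code: the class and function names are hypothetical, and it assumes that computer accounts end in "$" and that the cache window starts when an association was last sent.

```python
from dataclasses import dataclass

CACHE_TTL_SECONDS = 300                   # default "Cache time-to-live"
RDP_EVENT_ID, RDP_LOGON_TYPE = 4624, 10   # event skipped by "Ignore RDP events"

@dataclass(frozen=True)
class LoginEvent:
    ts: int          # seconds since the start of the sample
    event_id: int
    logon_type: int
    account: str
    ip: str

class ReportingFilter:
    """Toy model of the Identity Reporting filters; not Check Point code."""
    def __init__(self, cache_ttl=CACHE_TTL_SECONDS, ignore_machines=False, ignore_rdp=True):
        self.cache_ttl = cache_ttl
        self.ignore_machines = ignore_machines   # cleared by default
        self.ignore_rdp = ignore_rdp             # selected by default
        self._cache = {}   # (account, ip) -> time the association was last sent

    def clear_cache(self):
        self._cache.clear()

    def process(self, ev):
        """Return 'sent', or the reason the event was not forwarded."""
        # Assumption: a computer account is recognised by its trailing '$'.
        if self.ignore_machines and ev.account.endswith("$"):
            return "machine"
        if self.ignore_rdp and (ev.event_id, ev.logon_type) == (RDP_EVENT_ID, RDP_LOGON_TYPE):
            return "rdp"
        key = (ev.account.lower(), ev.ip)
        # Assumption: the TTL window starts when the association was last sent.
        if key in self._cache and ev.ts - self._cache[key] < self.cache_ttl:
            return "cached"
        self._cache[key] = ev.ts
        return "sent"

SAMPLE = [   # constructed sample events, not real log data
    LoginEvent(0, 4624, 3, "alice", "10.0.0.5"),
    LoginEvent(60, 4624, 3, "alice", "10.0.0.5"),    # repeat inside the cache TTL
    LoginEvent(90, 4624, 10, "alice", "10.0.0.9"),   # Event ID 4624, Type 10
    LoginEvent(120, 4624, 3, "WS01$", "10.0.0.5"),   # computer account
    LoginEvent(400, 4624, 3, "alice", "10.0.0.5"),   # cache TTL has expired
]

def run(events, **settings):
    f = ReportingFilter(**settings)
    return [f.process(e) for e in events]
```

Calling run(SAMPLE) with different keyword settings shows which associations would still reach the gateway when an option is toggled, which helps when deciding whether computer or RDP-sourced identities should take part in enforcement.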