Identity Collector - Connecting to an Identity Awareness Gateway
You can connect the Identity Collector to an Identity Awareness Gateway and configure the Identity Collector to send logs to the Identity Awareness Gateway.
Identity Collector is a Check Point dedicated client agent installed on Windows Servers in your network. It collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways for identity enforcement. You can download the Identity Collector package from the Support Center.
Identity Awareness (acronym: IDA) is a Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer.
To connect the Identity Collector to Identity Awareness Gateway:
- Open the Identity Collector application.
- From the left navigation toolbar, click Identity Servers.
- From the top toolbar, click the Add icon and then select Security Gateway (a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources).
- Configure the Identity Awareness Gateway:
  - IP Address - Enter the IPv4 address as configured in the Identity Awareness Gateway object in SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on).
  - Shared Secret - Enter the shared secret as configured in the Identity Awareness Gateway object (Identity Awareness pane > Identity Collector > Settings).
  - Query Pool - Select the applicable query pool.
  - Filter - Select the applicable filter for the login events (if this field is empty, the default Global filter is used).
  - Pre R80.10 Gateway - Select this option if you connect to an Identity Awareness Gateway R77.30 or lower.
- Click Test.
- Examine and approve the Certificate Info.
  Note - Identity Collector does not trust a wildcard certificate from a Security Gateway.
- Click OK.
- Install the Access Control Policy on the Identity Awareness Gateway.
Note - Starting from R80.40, you can configure Service Account
Designating the Main IP Address for Identity Collector on a Windows Server
When Identity Collector is installed on a Windows server that has more than one IP address on the external interface, you can designate one of the Windows server's IP addresses to use for communication between Identity Collector and an Identity Awareness Gateway. This feature is available starting from Identity Collector version R82.120.0000.
- On the Windows server where Identity Collector is installed, stop the Identity Collector service.
- In the Windows registry, go to: HKLM\SOFTWARE\WOW6432Node\CheckPoint\IdentityCollector\
- Set the value of the "MainIP" registry key to the IP address for the Windows Server to use for Identity Collector communication. The IP address must be in quad dotted format. For example: 192.168.1.1
- Start the Identity Collector service.
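The MainIP procedure above, scripted with two pre-checks before the registry is touched: the value is a valid dotted quad, and the address is actually assigned to this server. This is an added example, not Check Point code. The function name is hypothetical, and the service name is a required parameter because the page does not give it.

```powershell
#Requires -RunAsAdministrator
# Added example: hypothetical helper, not part of the Identity Collector product.
function Set-IdentityCollectorMainIP {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $MainIP,
        # Assumption: the page does not name the Windows service. Look it up
        # on the host with Get-Service and pass it here.
        [Parameter(Mandatory)] [string] $ServiceName
    )

    # Registry location taken from the procedure above.
    $key = 'HKLM:\SOFTWARE\WOW6432Node\CheckPoint\IdentityCollector'

    # Quad dotted check: exactly four decimal octets, each in the range 0-255.
    $octets = $MainIP -split '\.'
    $bad = $octets | Where-Object { $_ -notmatch '^\d{1,3}$' -or [int]$_ -gt 255 }
    if ($octets.Count -ne 4 -or $bad) {
        throw "'$MainIP' is not a quad dotted IPv4 address."
    }

    # The address must be one of this server's own IPv4 addresses.
    $local = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
    if ($local -notcontains $MainIP) {
        throw "$MainIP is not assigned to this server. Local IPv4: $($local -join ', ')"
    }

    if (-not (Test-Path $key)) { throw "Registry key not found: $key" }

    if ($PSCmdlet.ShouldProcess($key, "Set MainIP to $MainIP")) {
        Stop-Service -Name $ServiceName -ErrorAction Stop
        try {
            # Set-ItemProperty keeps the type of an existing value; if MainIP
            # does not exist yet, it is created as a string (assumed type).
            Set-ItemProperty -Path $key -Name 'MainIP' -Value $MainIP -ErrorAction Stop
        }
        finally {
            # Restart the service even if the registry write failed.
            Start-Service -Name $ServiceName
        }
        # Return the stored value so the caller can confirm the change.
        (Get-ItemProperty -Path $key -Name 'MainIP').MainIP
    }
}

# Dry run first (no changes are made with -WhatIf):
# Set-IdentityCollectorMainIP -MainIP 192.168.1.1 -ServiceName '<service name>' -WhatIf
```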