Identity Collector - Connecting to an Identity Awareness Gateway

You can connect the Identity Collector Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways for identity enforcement, you can download the Identity Collector package from the Support Center. to Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway and configure the Identity Collector to send logs to the Identity Awareness Gateway.

To connect the Identity Collector to Identity Awareness Gateway:

1. Open the Identity Collector application.

2. From the left navigation toolbar, click Identity Servers.

3. From the top toolbar, click the Add icon () and then select Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

4. Configure the Identity Awareness Gateway:

   • IP Address - Enter the IPv4 address as configured in the Identity Awareness Gateway object in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

   • Shared Secret - Enter the shared secret as configured in the Identity Awareness Gateway object (Identity Awareness pane > Identity Collector > Settings).

   • Query Pool - Select the applicable query pool.

   • Filter - Select the applicable filter for the login events (if this field is empty, the default Global filter is used).

   • Pre R80.10 Gateway - Select this option if you connect to an Identity Awareness Gateway R77.30 or lower.

5. Click Test.

6. Examine and approve the Certificate Info.

   Note - Identity Collector does not trust a wildcard certificate from a Security Gateway.

7. Click OK.

8. Install the Access Control Policy on the Identity Awareness Gateway.

Note - Starting from R80.40, you can configure Service Account In Microsoft® Active Directory, a user account created explicitly to provide a security context for services running on Microsoft® Windows® Server. Exclusion on an Identity Awareness Gateway. For more information, seeIdentity Collector - Service Account Exclusion.