Identity Collector - Optimization

Exclude multi-user machines

After the Identity CollectorClosed Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways for identity enforcement, you can download the Identity Collector package from the Support Center. works for some time, you can check the number of multi-user computers, and add them to the Network Exclusion List.

To do so, run this command on the Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway (each Cluster MemberClosed Security Gateway that is part of a cluster.):

pdp idc muh show

Exclude service accounts

After the Identity Collector works for some time, you can see how many service accounts there are, and add them to the Identity Exclusion List.

To do so, run this command on the Identity Awareness Gateway (each ClusterClosed Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Member):

pdp idc service_accounts

Consolidate Groups

If the Identity Awareness Gateway receives the user groups from the Cisco Identity Collector (SGT), it does not fetch them from the user directory.

If you enable group consolidation, the Identity Awareness Gateway fetches the group even if it receives groups from the Identity Collector:

pdp idc groups_consolidation show

How to increase number and size of logs in Identity Collector

The logs of the Identity Collector on a Windows server are located in C:\windows\temp\ia_ag.log*. The default configuration includes ten files. In scenarios where the environment accommodates a substantial user base and all severity topics are activated for logging, all the files could be rotated quickly. This could require you increase the number and maximum size of log files.

The size of the debug files and the number of files are configurable through the registry.

Change the following registry values:

  • \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\IdentityCollector\DebugMaxFiles -- Number of files

  • \HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\IdentityCollector\DebugMaxSize -- Debug file size (in bytes)

If these registry values do not exist, create them with the necessary value.

After changing the registry values, it is necessary to restart the Identity Collector service to keep the changes.

  1. On Windows Server machine open Task Manager > Services.

  2. Find a service named IDCService, right-click on it and select Restart.