Identity Collector - Protocols and Ports

Identity Collector is a dedicated Check Point client agent installed on Windows Servers in your network. It collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways for identity enforcement. You can download the Identity Collector package from the Support Center.

Identity Collector uses these protocols and ports:

| Direction | Port | Protocol |
|---|---|---|
| Identity Collector to Identity Server (Check Point Security Gateway with enabled Identity Awareness Software Blade) | 443 | Proprietary Check Point protocol, over HTTPS. Used for ongoing connection between the agent and the Identity Server. |
| Identity Collector to Microsoft Active Directory Domain Controller | 53 | DNS |
| Identity Collector to Microsoft Active Directory Domain Controller | 389 | LDAP |
| Identity Collector to Microsoft Active Directory Domain Controller | 636 | LDAPS. Note - Starting from R81.08.0000, you can use LDAPS through port 636 when you use "NetIQ eDirectory" and "Active Directory". See: |
| Identity Collector to Microsoft Active Directory Domain Controller | 135, and dynamically allocated ports | DCOM protocol, which uses DCE/RPC. Note - DCOM uses DCE/RPC. If the Active Directory Domain Controller uses Windows Firewall, configure it to allow Identity Collector traffic: enable Remote Event Log Management > Remote Event Log Management (RPC). |
| Identity Collector to Cisco ISE Server | 5222 | Session subscribe. Gets notifications of new login or logout events from the Cisco ISE Server. |
| Identity Collector to Cisco ISE Server | 8910 | Bulk session download. Fetches all the active sessions from the Cisco ISE Server. |
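
A pre-flight reachability check for the fixed TCP ports listed above, run from the Windows Server that hosts Identity Collector. This is an added example, not Check Point code. The host names, the `Test-TcpPort` helper and the 3-second timeout are assumptions, and the dynamically allocated DCOM/RPC ports cannot be probed this way.

```powershell
# Added example: host names are placeholders (assumptions); use your own servers.
$Targets = @{
    IdentityServer   = 'gateway.example.com'
    DomainController = 'dc01.example.com'
    CiscoIse         = 'ise.example.com'
}

# Fixed ports from the list above. DNS is probed over TCP only (assumption:
# the DNS server also listens on TCP 53). Port 135 is the DCOM endpoint
# mapper; the dynamic ports it hands out afterwards are not covered here.
$Checks = @(
    [pscustomobject]@{ Role = 'IdentityServer';   Port = 443;  Use = 'Check Point protocol over HTTPS' }
    [pscustomobject]@{ Role = 'DomainController'; Port = 53;   Use = 'DNS' }
    [pscustomobject]@{ Role = 'DomainController'; Port = 389;  Use = 'LDAP' }
    [pscustomobject]@{ Role = 'DomainController'; Port = 636;  Use = 'LDAPS' }
    [pscustomobject]@{ Role = 'DomainController'; Port = 135;  Use = 'DCOM (DCE/RPC)' }
    [pscustomobject]@{ Role = 'CiscoIse';         Port = 5222; Use = 'Session subscribe' }
    [pscustomobject]@{ Role = 'CiscoIse';         Port = 8910; Use = 'Bulk session download' }
)

# Hypothetical helper: returns $true only if a TCP connection completes in time.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout and throws if the connect failed.
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # refused, reset, or name could not be resolved
    } finally {
        $client.Close()
    }
}

$Checks | ForEach-Object {
    $target = $Targets[$_.Role]
    [pscustomobject]@{
        Target    = $target
        Port      = $_.Port
        Use       = $_.Use
        Reachable = Test-TcpPort -HostName $target -Port $_.Port
    }
} | Format-Table -AutoSize
```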