Identity Collector - Requirements

Supported Identity Sources

The Identity Collector is a dedicated Check Point client agent installed on Windows Servers in your network. It collects information about identities and their associated IP addresses and sends it to the Check Point Security Gateways for identity enforcement. You can download the Identity Collector package from the Support Center.

The Identity Collector supports these Identity Sources:

| Identity Source | Requirements | Reference |
|---|---|---|
| Microsoft Active Directory Domain Controllers | No additional requirements specified | Identity Collector - Working with Active Directory |
| Cisco Identity Services Engine (ISE) Servers | No additional requirements specified | Identity Collector - Working with a Cisco Identity Services Engine (ISE) Server |
| NetIQ eDirectory Servers | Requires Identity Awareness Gateway R80.20 or higher | Identity Collector - Working with NetIQ eDirectory LDAP Servers |
| Syslog Messages | Requires Identity Awareness Gateway R80.20 or higher | Identity Collector - Working with Syslog Messages |

Identity Awareness (acronym: IDA) is the Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer.

Requirements for the Windows Server

These are minimum requirements for the Windows Server on which Identity Collector is installed:

| Requirement | Details |
|---|---|
| Supported Versions | Windows Server 2022, 2019, 2016, 2012 R2, 2012, 2008 R2, 2008 |
| RAM | Minimum: 8 GB |
| Disk Space | Minimum: 10 GB |
| .NET Framework | Version 4 required |
| Administrative Access | Administrator account required for installation and operation |
| Network Configuration | TCP port 443 must connect to Identity Server (a Check Point Security Gateway with enabled Identity Awareness Software Blade). |
| Firewall Rules | |

Processed Events

  • Authentication Events: 4624, 4768, 4769, 4770

  • Group Update Events: 4728, 4729, 4732, 4733, 4756, 4757

  • Group Deletion Events: 4730, 4734, 4758

Best Practices

Best Practice - For best performance, use a Windows Server with:

| Specification | Recommended Value |
|---|---|
| CPU Cores | 12 or more |
| RAM | 16 GB or more |
| Disk Space | 60 GB or more |

Requirements for Integration with Active Directory

| Requirement | Details |
|---|---|
| Connection to AD Domain Controllers | Windows Server must connect to AD Domain Controllers using DNS, LDAP, and DCOM protocols. |
| Identity Collector User | Use an AD user account that is a member of the default Event Log Readers group. Note - For the Administrative Role, the AD user account does not require administrative privileges. |
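A preflight check for the Windows Server and Active Directory requirements listed above, as an added PowerShell example that is not part of the Check Point documentation. The gateway, domain controller and account names are placeholders; it assumes PowerShell 3.0 or later and, for the group check, the RSAT ActiveDirectory module. Ports 389 (LDAP) and 135 (RPC endpoint mapper, used by DCOM) are the standard ports, not values from the page.

```powershell
# Added example: preflight check for a planned Identity Collector host.
# Placeholders (assumptions, not from the page): all three default values below.
param(
    [string]$Gateway          = 'idgw.example.test',  # Identity Server
    [string]$DomainController = 'dc01.example.test',  # one AD Domain Controller
    [string]$CollectorUser    = 'svc-idc'             # sAMAccountName of the AD account
)

# TCP reachability test that also works where Test-NetConnection is unavailable.
function Test-Tcp([string]$HostName, [int]$Port) {
    $c = New-Object System.Net.Sockets.TcpClient
    try     { $c.Connect($HostName, $Port); return $c.Connected }
    catch   { return $false }
    finally { $c.Close() }
}

$r = [ordered]@{}

# RAM and disk against the documented minimums (8 GB RAM, 10 GB disk).
# Assumption: the 10 GB is checked as free space on the system drive.
$cs   = Get-CimInstance Win32_ComputerSystem
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$r['OS']            = (Get-CimInstance Win32_OperatingSystem).Caption
$r['RAM >= 8 GB']   = [math]::Round($cs.TotalPhysicalMemory / 1GB) -ge 8
$r['Disk >= 10 GB'] = ($disk.FreeSpace / 1GB) -ge 10

# .NET Framework 4: the v4\Full key has Install = 1 when the framework is present.
$net = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
$r['.NET Framework 4'] = ($net.Install -eq 1)

# Network: 443 to the Identity Server; DNS, LDAP and DCOM towards the DC.
$r['TCP 443 to gateway'] = Test-Tcp $Gateway 443
try   { $r['DNS resolves DC'] = [bool][System.Net.Dns]::GetHostAddresses($DomainController) }
catch { $r['DNS resolves DC'] = $false }
$r['LDAP 389 to DC'] = Test-Tcp $DomainController 389
$r['RPC 135 to DC']  = Test-Tcp $DomainController 135

# Collector account must be in Event Log Readers; admin rights are not needed.
if (Get-Module -ListAvailable ActiveDirectory) {
    $members = Get-ADGroupMember -Identity 'Event Log Readers' -Recursive
    $r['In Event Log Readers'] = $members.SamAccountName -contains $CollectorUser
} else {
    $r['In Event Log Readers'] = 'skipped: ActiveDirectory module not installed'
}

$r.GetEnumerator() | Format-Table Name, Value -AutoSize
```

A passing port 135 check only shows that the endpoint mapper is reachable; DCOM also uses dynamically assigned ports that this script does not probe.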

Requirements for Integration with Cisco ISE PxGrid

The Identity Collector supports these versions of Cisco ISE:

| Cisco ISE PxGrid Version | Supported Cisco ISE Versions | Required Java Version | Java Runtime Environment |
|---|---|---|---|
| 1.0 | 2.0, 2.1, 2.2, 2.3, 2.4, 2.6, 2.7, 3.0, 3.1 | Oracle Java JRE 1.8 | Java SE Runtime Environment 8 |
| 2.0 | 2.0, 2.1, 2.2, 2.3, 2.4, 2.6, 2.7, 3.0, 3.1 | Oracle Java SE Runtime Environment | Java SE Runtime Environment 8 or newer |

Additional Requirements

Configure LDAP Account Unit(s) to enable PDP Identity Awareness Gateways to perform group lookups for user and machine identities. A PDP is a Check Point Identity Awareness Security Gateway that acts as Policy Decision Point: it acquires identities from identity sources and shares identities with other gateways. This setup ensures that the Identity Awareness Gateways can accurately map users and machines to their respective groups, providing enhanced security and access control.