Identity Collector - Connecting to an Identity Awareness Gateway

You can connect the Identity Collector Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312. to Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway and configure the Identity Collector to send logs to the Identity Awareness Gateway.

To connect the Identity Collector to Identity Awareness Gateway:

1. Open the Identity Collector application.

2. From the left navigation toolbar, click Gateways.

3. From the top toolbar, click Add ().

4. Configure the Identity Awareness Gateway:

   • IP Address - Enter the IPv4 address as configured in the Identity Awareness Gateway object in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

   • Shared Secret - Enter the shared secret as configured in the Identity Awareness Gateway object (Identity Awareness pane > Identity Collector > Settings).

   • Query Pool - Select the applicable query pool.

   • Filter - Select the applicable filter for the login events (if this field is empty, the default Global filter is used).

   • Pre R80.10 Gateway - Select this option if you connect to an Identity Awareness Gateway R77.30 or lower.

5. Click Test.

6. Examine and approve the Certificate Info.

   Note - Identity Collector does not trust a wildcard certificate from a Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources..

7. Click OK.

8. Install the Access Control Policy on the Identity Awareness Gateway.

Note - Starting from R80.40, you can configure Service Account In Microsoft® Active Directory, a user account created explicitly to provide a security context for services running on Microsoft® Windows® Server. Exclusion on an Identity Awareness Gateway. For more information, seeIdentity Collector - Service Account Exclusion.