Identity Collector - Protocols and Ports

Identity Collector is a Check Point dedicated client agent installed on Windows Servers in your network. It collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312.

Identity Collector uses these protocols and ports:

| Direction | Port | Protocol |
|---|---|---|
| Identity Collector to Identity Awareness Gateway | 443 | Proprietary Check Point protocol, over HTTPS. Used for ongoing connection between the agent and the Identity Awareness Gateway. |
| Identity Collector to Microsoft Active Directory Domain Controller | 53 | DNS |
| Identity Collector to Microsoft Active Directory Domain Controller | 389 | LDAP |
| Identity Collector to Microsoft Active Directory Domain Controller | 636 | LDAPS. Note - Starting from R81.08.0000, you can use LDAPS through port 636 when you use "NetIQ eDirectory" and "Active Directory". See: |
| Identity Collector to Microsoft Active Directory Domain Controller | 135, and dynamically allocated ports | DCOM protocol, which uses DCE/RPC. Note - DCOM uses DCE/RPC. If the Active Directory Domain Controller uses Windows Firewall, configure it to allow Identity Collector traffic: enable Remote Event Log Management > Remote Event Log Management (RPC). |
| Identity Collector to Cisco ISE Server | 5222 | Session subscribe. Gets notifications of new login or logout events from the Cisco ISE Server. |
| Identity Collector to Cisco ISE Server | 8910 | Bulk session download. Fetches all the active sessions from the Cisco ISE Server. |

Identity Awareness (acronym: IDA) is the Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer.
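To confirm that intermediate firewalls permit the flows listed above, the following PowerShell check can be run on the Identity Collector host. It is an added example, not Check Point code; the server names are hypothetical placeholders, and the function name `Test-CollectorPorts` is made up for this illustration.

```powershell
# Added example: run on the Identity Collector host.
# Server names are hypothetical placeholders; replace them with your own.
$Targets = @(
    @{ Role = 'Identity Awareness Gateway'; Server = 'ida-gw.example.com'; Ports = @(443) }
    @{ Role = 'AD Domain Controller';       Server = 'dc01.example.com';   Ports = @(389, 636, 135) }
    @{ Role = 'Cisco ISE Server';           Server = 'ise01.example.com';  Ports = @(5222, 8910) }
)

function Test-CollectorPorts {
    param([Parameter(Mandatory)] [hashtable[]] $Targets)
    foreach ($t in $Targets) {
        foreach ($port in $t.Ports) {
            # TCP connect only: shows the network path is open, not that the
            # service will accept the Collector's credentials.
            $r = Test-NetConnection -ComputerName $t.Server -Port $port `
                                    -WarningAction SilentlyContinue
            [pscustomobject]@{
                Role      = $t.Role
                Server    = $t.Server
                Port      = $port
                Reachable = $r.TcpTestSucceeded
            }
        }
    }
}

$results = Test-CollectorPorts -Targets $Targets
$results | Format-Table -AutoSize

# Port 53: the table does not state a transport, so DNS is checked with a real
# query against the Domain Controller instead of a TCP connect.
$dc = 'dc01.example.com'
try {
    Resolve-DnsName -Name $dc -Server $dc -ErrorAction Stop | Out-Null
    "DNS query via ${dc}: OK"
} catch {
    "DNS query via ${dc}: FAILED ($($_.Exception.Message))"
}

# Port 135 only proves the RPC endpoint mapper is reachable. The dynamically
# allocated DCOM ports are not probed here; a blocked dynamic range shows up
# as event log collection failures even when 135 is open.
$blocked = @($results | Where-Object { -not $_.Reachable })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) required port(s) unreachable"
    exit 1
}
```

The list doubles as an allow-list for egress rules on the Collector host: destinations or ports outside it are not needed for the flows in the table.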