Identity Collector - Query Pools

The Identity CollectorClosed Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312. can connect with more than one Identity Source at a time. The Identity Sources are organized in Query Pools.

A Query Pool is an object which contains a number of Identity Sources. Each Query Pool is assigned to one Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway. The Identity Collector collects information from the Identity Sources in the Query Pools and sends the information to the Identity Awareness Gateways.

Note - Identity Collector queries only the Identity Sources that are selected in the Query Pool.

Example

An environment has two domains: Asia.com and Euro.com.

The administrator wants the Asia Identity Awareness Gateway to get the events from the four Active Directory Domain Controllers in the Asia.com domain.

The administrator in addition wants the Europe Identity Awareness Gateway 1 and Europe Identity Awareness Gateway 2 to get the events from all the 6 Active Directory Domain Controllers in the Euro.com domain.

The administrator, therefore, creates two Query Pools:

  • A query pool which contains all the Active Directory Domain Controllers in the Asia.com domain.

  • A query pool which contains all the Active Directory Domain Controllers in the Euro.com domain.

The administrator configures:

  • The Asia Identity Awareness Gateway to get events from the Asia Query Pool.

  • The two Europe Identity Awareness Gateways to get events from the Europe Query Pool.

Adding a New Query Pool

  1. Open the Identity Collector application.

  2. At the top, click Query Pools.

  3. From the top toolbar, click New Query Pool ().

  4. Enter the name for the Query Pool to show in the Identity Collector.

  5. (Optional) Enter the comment.

  6. Select the Identity Sources from which to collect identities.

  7. Click OK.

Editing a Current Query Pool

  1. Open the Identity Collector application.

  2. At the top, click Query Pools.

  3. Select the applicable Filter.

  4. From the top toolbar, click Edit Query Pool ().

  5. Select the Identity Sources from which to collect identities.

  6. Click OK.

Deleting a Current Query Pool

  1. Open the Identity Collector application.

  2. At the top, click Query Pools.

  3. Select the applicable Filter.

  4. From the top toolbar, click Delete Query Pool ().

  5. Click Yes to confirm.

  6. Click OK.