You can use the Identity Awareness and Application & URL Filtering together to add user awareness, computer awareness, and application awareness to the Check Point Security Gateway. They work together in these procedures:
The ACME organization wants to use Identity Awareness to monitor outbound application traffic and learn what their employees are doing. To do this, the IT administrator must enable Application Control and Identity Awareness. Identity information for the traffic then shows in the logs and events. See the logs in the Logs & Monitor > Logs tab. See the events in the Logs & Monitor views, in the Access Control categories.
Next, the IT department can add rules to block specific applications or track them differently in the Application & URL Filtering Layer of the policy to make it even more effective. See the R80.10 Next Generation Security Gateway Guide.
To make this scenario work, the IT administrator must:
This adds a default rule to the Application Control Rule Base that allows traffic from known applications, with the tracking set to Log.
You can see data for identified users in the Logs and Events that relate to application traffic. See Logs in the Logs & Monitor view Logs tab. See Events in the Logs & Monitor Access Control views.
The log entry shows that the system maps the source IP address with the user identity. It also shows Application Control data.