Identity Awareness Deployment
Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. is commonly enabled on a perimeter Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources.. It is frequently used in conjunction with Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI. Software Blade.
To protect internal data centers, Identity Awareness Software Blade can be enabled on an internal Security Gateway located in front of internal servers, such as data centers. This can be done in addition to the perimeter Security Gateway, but does not require a perimeter Security Gateway.
Identity Awareness can have a Bridge Mode Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology. or a Route Mode configuration.
-
In Bridge Mode, the Security Gateway can use an existing subnet with no change to the hosts' IP addresses.
-
In Route Mode, the Security Gateway works as a router with different subnets connected to its network interfaces.
For redundancy, you can deploy a cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. of Identity Awareness Security Gateways in High Availability or Load Sharing modes.
You can configure multiple Identity Awareness Security Gateways in your environment and configure them to share identity information. Common scenarios include:
-
Enabling Identity Awareness Software Blade on a perimeter Security Gateway and on a data center Security Gateway.
-
Enabling Identity Awareness Software Blade on more than one data center Security Gateway.
-
Enabling Identity Awareness Software Blade on a branch office Security Gateway and on a central Security Gateway.
You can have one or more Identity Awareness Gateways acquire identities and share them with the other Identity Awareness Gateways.
You can also share identities between Identity Awareness Gateways that are managed in different Multi-Domain Servers.