Configuring Identity Awareness Gateway as an Active Directory Proxy

If Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. is not currently connected to your Active Directory environment, Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway can work as Active Directory Proxy and let you use the Identity Awareness User Picker in the Access RoleClosed Access Role objects let you configure network access according to: Networks, Users and user groups, Computers and computer groups, Remote Access Clients. After you activate the Identity Awareness Software Blade, you can create Access Role objects and use them in the Source and Destination columns of Access Control Policy rules. object (see Working with Access Role Objects in the Rule Base).

Note - The Identity Awareness Gateway needs to be connected to your Active Directory server.

Configuring Identity Awareness Gateway in SmartConsole


  1. Create a new Host object for each Active Directory Domain Controller in your Active Directory environment:

    1. In the top left corner, click Objects > New Host.

    2. Configure the object name and IP address.

    3. Click OK.

  2. Install the Access Control Policy on the Identity Awareness Gateway.

  3. Configure an LDAP Account Unit object:

    1. In the top left corner, click Objects > Object Explorer.

      The Object Explorer window opens.

    2. In the left navigation tree, click Servers.

    3. From the toolbar, click New > More > User/Identity > LDAP Account Unit.

      The LDAP Account Unit Properties window opens.

    4. Configure properties on each tab in the window.

    5. Click OK to complete the configuration of the new LDAP Account Unit object and to close the LDAP Account Unit Properties window.

(Optional) Configuring the Security Gateway to Encrypt the LDAP Connection with your Domain Controller


  1. Open the LDAP Account Unit object you configured in Step 3.

  2. Go to the Servers tab.

  3. Select the LDAP Server object and click Edit.

  4. Go to the Encryption tab.

  5. Select Use Encryption (SSL).

  6. In the Verify that server has the following Fingerprints field, enter the Active Directory server fingerprint you get from the Identity Awareness Gateway.

  7. Click OK to close the LDAP Account Unit Properties window.

Enabling the Identity AwarenessSoftware Blade on the Security Gateway.

  1. In SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., from the left Navigation Toolbar, click Gateways & Servers.

  2. Edit the Security Gateway object.

  3. Select Identity Awareness Software BladeClosed Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities..

  4. When Identity Awareness Configuration wizard opens, click Cancel.

  5. Make sure the Identity Awareness is selected.

  6. In the left navigation tree, go to Identity Awareness.

  7. In the Identity Sources section, select and configure the applicable options.

  8. Click OK.

  9. Install the Access Control Policy.

Important Notes about the Identity Awareness Gateway as Active Directory Proxy feature: