Identity Tag

What can I do here?

Use this window to create a new Identity Tag or edit an existing one.

Getting Here - Object Explorer > New > User/Identities > Identity Tag

Using Identity Tags in Access Role Matching

Identity Tags let you include external identifiers (such as Cisco® Security Group Tags, or any other groups provided by any Identity Source) in Access Role matching. These external identifiers act like a tag that can be assigned to a certain user, machine or group.

To use Identity Tags in Access Role matching:

  1. Create a new Identity Tag:

    1. Click Objects menu > More object types > User > Identity Tag.

    2. Enter a name for the object.

      Note - If you enter the External Identifier first, the Identity Tag object gets the same name.

    3. In the External Identifier field, enter one of these:

      Note - The External Identifier must be a unique name.

    4. Click OK.

  2. Include the Identity Tag in an Access Role:

    1. Click Objects menu > More object types > User > New Access Role.

    2. On the Users tab or Machines tab, select Specific users/groups.

    3. Click the [+] icon.

    4. Click on the domain name button in the top left corner and select Identity Tags.

    5. Select the Identity Tag created in Step 1.

    6. Click OK.

  3. Add this Access Role to the Source or Destination column of an Access Control Policy rule.

  4. Install the Access Control Policy.