Advanced Identity Awareness Environment
Configure a Check Point Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. with enabled Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. for better security for your network environment and corporate data. This section describes environment configuration with Identity Awareness that we recommend.
|
Important:
|
Advanced Configuration
There are more ways to configure an Identity Awareness Security Gateway:
-
IP routing mode
-
Transparent mode (Bridge Mode)
IP routing mode - This is a regular and standard method to configure Identity Awareness Gateways. Use this mode when you configure the Identity Awareness Security Gateway at the perimeter. In this case, the Identity Awareness Security Gateway behaves as an IP router that examines and forwards traffic between the internal interface and the external interface in both directions. Use different network subnets and ranges to locate both interfaces.
Transparent mode - Has an additional name "Bridge Mode". Use this configuration method to install the Identity Awareness Security Gateway as a Layer 2 device, rather than an IP router. The benefit of this method is that it is not necessary to make changes in the network infrastructure. It lets you configure the Identity Awareness Security Gateway inline in the same subnet. This configuration is mostly applicable when you must configure an Identity Awareness Gateway for network segregation and Data Center protection purposes.
Configuring a Test Environment
> |
Best Practice - If you want to examine how Identity Awareness works in a Security Gateway, we recommend that you configure it in a simple environment. In this setup, you can examine all identity sources and create an identity-based policy. |
We recommend to install these main components in the setup:
-
User host (Windows)
-
Check Point Security Gateway R75.20 or higher
-
Microsoft Windows server with Active Directory, DNS and IIS (Web resource)
Put the Security Gateway in front of the protected resource, the Windows server that runs IIS (web server). The user host computer gets an access to the protected resource through the Security Gateway.
Testing Identity Agents
Enable and configure Identity Agents, and configure Identity Agents self-provisioning through Captive Portal (see Identity Awareness Clients Administration Guide).
-
Open a browser and connect to the web resource.
The resource redirects you to the Captive Portal.
-
Enter user credentials.
-
Install the client as prompted by the Captive Portal.
-
In the authentication window, enter the user credentials through the client.
-
Examine the connection.