Identity Collector Optimization

Exclude multi-user machines

After the Identity CollectorClosed Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312. works for a while, you can check the number of multi-user computers, and add them to the Network Exclusion List. To do so, enter this command on the Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway CLI:

pdp idc muh show

Exclude service accounts

After the Identity Collector works for a while, you can see how many service accounts there are, and add them to the Identity Exclusion List. To do so, enter this command on the Identity Awareness Gateway CLI:

pdp idc service_accounts

Consolidate Groups

If the Identity Awareness Gateway receives the user groups from the Cisco Identity Collector (SGT), it does not try to fetch them from the user directory. If you enable group consolidation, the Identity Awareness Gateway fetches the group even if it receives groups from the Identity Collector:

pdp idc groups_consolidation show