Identity Collector Optimization
Exclude multi-user machines
After the Identity Collector
Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312. works for a while, you can check the number of multi-user computers, and add them to the Network Exclusion List. To do so, enter this command on the Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway CLI:
|
|
Exclude service accounts
After the Identity Collector works for a while, you can see how many service accounts there are, and add them to the Identity Exclusion List. To do so, enter this command on the Identity Awareness Gateway CLI:
|
|
Consolidate Groups
If the Identity Awareness Gateway receives the user groups from the Cisco Identity Collector (SGT), it does not try to fetch them from the user directory. If you enable group consolidation, the Identity Awareness Gateway fetches the group even if it receives groups from the Identity Collector:
|
|
