Configuring the Identity Collector to Work with Active Directory

Workflow to configure the Identity Collector to work with Active Directory

1. In the Identity Collector Check Point dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateways for identity enforcement. For more information, see sk108235. You can download the Identity Collector package from sk134312., add a new Active Directory Domain.

   See Working with Active Directory Domains in the Identity Collector.

2. In the Identity Collector, add a new Active Directory Domain Controllers.

   Use one of these two options to add the necessary Domain Controllers.

   • Add Domain Controllers automatically by DNS and LDAP queries

     1. Open the Identity Collector application.

     2. From the left navigation toolbar, click Identity Sources.

     3. From the top toolbar, click New Source > Active Directory > Fetch Automatically.

     4. Enter the Domain Controller information:

        • Domain - Select the Active Directory Domain, or configure a new one.

        • DC IP Address - Enter the IP address of one of the Domain Controllers you want to add.

     5. Click Fetch.

        A list of the Domain Controllers show.

     6. Enable the Domain Controllers you want to add.

     7. Click OK.

   • Add Domain Controllers manually one at a time

     1. Open the Identity Collector application.

     2. From the left navigation toolbar, click Identity Sources.

     3. From the top toolbar, click New Source > Active Directory > Add Manually.

     4. Enter the Domain Controller Name to show in the Identity Collector.

     5. (Optional) Enter your comment.

     6. Enter the Domain Controller information:

        • Domain - Select the Active Directory Domain, or configure a new one.

        • IP Address - Enter the IP address of one of the Domain Controllers you want to add.

        • Site - (Optional) Enter the Domain Controller site name.

        • Is Forwarded Event Log Collector - Select this option, if this server is not a Domain Controller, but a server, to which the login events are forwarded.

     7. Click Test.

     8. Click OK.

3. In the Identity Collector, add a new Query Pool, or edit a current Query Pool.

   See Working with Query Pools in the Identity Collector.

4. In the Identity Collector, add a new Filter for the login events, or edit a current Filter.

   See Working with Filters for Login Events in the Identity Collector.

5. Connect the Identity Collector to the Check Point Identity Server Check Point Security Gateway with enabled Identity Awareness Software Blade. (Identity Awareness Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. Gateway).

   See Connecting the Identity Collector to the Identity Awareness Gateway.

Notes The Identity Collector is using the Windows Event Log API for fetching the security logs from Domain Controllers. The Identity Collector can communicate with up to 35 Active Directory servers. The Identity Collector can process up to 1900 AD events per second.