Dedicated Identity Acquisition Security Gateway
Security Challenge
You have more than one Security Gateway that protects the Data Center or Internet access, where access depends on identity acquisition. The Security Gateways run different blades and deal with heavy traffic inspection.
To prevent user identity acquisition and authentication from affecting the performance of these Security Gateways, you can offload this functionality to a separate Security Gateway (a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources).
The dedicated Security Gateway:
- Gets user identity.
- Authenticates users.
- Shares learned identities with all Security Gateways in the network.
Configuration Scenario
You select an applicable appliance to be the dedicated Identity Awareness Security Gateway. All users authenticate with this Security Gateway.
Identity Awareness (acronym: IDA) is a Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer.
If you enable AD Query, the dedicated Security Gateway communicates with all Active Directory domain controllers over WMI.
AD Query is a Check Point clientless identity acquisition tool. It is based on Active Directory integration and it is completely transparent to the user.
The technology is based on querying the Active Directory Security Event Logs and extracting the user and computer mapping to the network address from them. It is based on Windows Management Instrumentation (WMI), a standard Microsoft protocol.
The Check Point Security Gateway communicates directly with the Active Directory domain controllers and does not require a separate server.
No installation is necessary on the clients, or on the Active Directory server.
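The user and computer mapping that AD Query extracts from Security Event Logs can be pictured with the following added sketch, which is not Check Point's code and not part of the original page. It assumes Windows logon event ID 4624 with its TargetUserName, TargetDomainName and IpAddress fields, a 12-hour association timeout, and constructed sample events; the page does not state which events AD Query reads.

```python
from datetime import datetime, timedelta

# Constructed sample records shaped like Windows Security log events.
# Field names follow the Windows logon event schema; all values are invented.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2024-05-01T09:00:00", "TargetUserName": "alice", "TargetDomainName": "CORP", "IpAddress": "10.1.1.20"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T09:00:05", "TargetUserName": "WS-020$", "TargetDomainName": "CORP", "IpAddress": "10.1.1.20"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T09:10:00", "TargetUserName": "bob", "TargetDomainName": "CORP", "IpAddress": "10.1.1.31"},
    {"EventID": 4624, "TimeCreated": "2024-05-01T09:12:00", "TargetUserName": "svc-backup", "TargetDomainName": "CORP", "IpAddress": "-"},  # no source address
    {"EventID": 4634, "TimeCreated": "2024-05-01T09:15:00", "TargetUserName": "bob", "TargetDomainName": "CORP", "IpAddress": "10.1.1.31"},  # logoff, not a logon
    {"EventID": 4624, "TimeCreated": "2024-05-01T11:30:00", "TargetUserName": "carol", "TargetDomainName": "CORP", "IpAddress": "10.1.1.20"},
]

LOGON_EVENT_ID = 4624                      # assumption: only successful logons are used
NO_SOURCE = {"", "-", "127.0.0.1", "::1"}  # events that carry no usable network address


def build_identity_map(events, now, ttl=timedelta(hours=12)):
    """Return {ip: {"user", "machine", "last_seen"}} derived from logon events."""
    table = {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ip = ev.get("IpAddress", "")
        if ev.get("EventID") != LOGON_EVENT_ID or ip in NO_SOURCE:
            continue
        seen = datetime.fromisoformat(ev["TimeCreated"])
        entry = table.setdefault(ip, {"user": None, "machine": None, "last_seen": seen})
        name = ev["TargetDomainName"] + "\\" + ev["TargetUserName"]
        # Computer accounts end in "$"; every other account is treated as a user.
        if name.endswith("$"):
            entry["machine"] = name[:-1]
        else:
            entry["user"] = name  # a later logon from the same address replaces the earlier user
        entry["last_seen"] = seen
    # Drop associations that were not refreshed within the timeout.
    return {ip: e for ip, e in table.items() if now - e["last_seen"] <= ttl}
```

In this sketch carol's logon from 10.1.1.20 replaces alice's, because an address-based table holds one user per address; that is the case to keep in mind for NAT and multi-user hosts.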
Configuration Procedure
- On the dedicated identity acquisition Security Gateway, enable the Identity Awareness feature and select the identity method.
- On the Security Gateway, enable Identity Awareness and select Get identities from other gateways and Share local identities with other gateways.