Introduction to Identity Awareness

In traditional firewall setups, traffic is monitored solely by IP address, which does not reveal the user or the machine behind that address. Identity Awareness (a Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer; acronym: IDA) closes this gap by mapping user and computer identities to IP addresses. This enables more granular Access Control policies and improves data auditing.

Identity Awareness is a versatile and scalable solution, suitable for both Active Directory and non-Active Directory environments, and covers employees and guest users alike. It uses the Source and Destination IP addresses of a connection to identify the users and computers behind them, and these identities can be used as matching criteria in Access Control policy rules.

Use Case: Consider a scenario where a company wants to restrict access to sensitive data based on user roles. With Identity Awareness, the administrator can create rules that allow only specific user groups to access certain resources, regardless of the devices they use. For instance, only employees from the "Finance" group can access financial reports, whether they work from the office or remotely.

You can incorporate the following criteria into your Access Control policies:

  • User or User Group Identity

  • Computer or Computer Group Identity

With Identity Awareness, you define policy rules for specified users, who send traffic from specified computers or from any computer. Likewise, you can create policy rules for any user on specified computers.
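The matching semantics described above (rules keyed on a user or user group, on a computer or computer group, or on both, with an empty criterion meaning "any"), the Finance use case, and the IP/user/computer fields that end up in the log, worked through in a small Python model. This is an added, constructed illustration and not Check Point code or its Management API: the identity store, rule names, group names and addresses are all invented. It also shows what happens to an address for which no identity was acquired: it cannot satisfy an identity-based rule and falls through to the cleanup rule.

```python
"""Toy model of identity-based Access Control matching (constructed example,
not Check Point code). Identities acquired from identity sources are mapped
to IP addresses; rules then match on user/group and computer/group identity
instead of on the raw IP address."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Identity:
    """Identity acquired for one IP address: user part, computer part, or both."""
    user: Optional[str] = None
    user_groups: frozenset = frozenset()
    computer: Optional[str] = None
    computer_groups: frozenset = frozenset()


@dataclass(frozen=True)
class Rule:
    """Access Control rule. An empty 'users' or 'computers' set means 'any'."""
    name: str
    action: str                         # "accept" or "drop"
    dst: str                            # destination network in CIDR notation
    users: frozenset = frozenset()      # user names or user group names
    computers: frozenset = frozenset()  # computer names or computer group names


# Constructed identity-to-IP mappings, as an identity source would provide them.
IDENTITY_STORE = {
    "10.1.1.10": Identity("alice", frozenset({"Finance"}), "FIN-LAPTOP-01", frozenset({"Finance-PCs"})),
    "172.16.5.20": Identity("alice", frozenset({"Finance"}), "HOME-PC", frozenset()),  # same user, remote
    "10.1.1.11": Identity("bob", frozenset({"Engineering"}), "ENG-PC-07", frozenset({"Eng-PCs"})),
    "10.1.1.30": Identity("carol", frozenset({"HR"}), "HR-PC-02", frozenset({"HR-PCs"})),
    "172.16.5.31": Identity("carol", frozenset({"HR"}), "HOME-PC", frozenset()),  # HR user, unmanaged PC
    "10.1.1.50": Identity(None, frozenset(), "KIOSK-01", frozenset({"Kiosks"})),  # computer identity only
}

# Constructed policy: the three rule shapes the text describes, plus a cleanup rule.
POLICY = [
    # specified users (the Finance group) from any computer
    Rule("finance-reports", "accept", "10.10.0.0/24", users=frozenset({"Finance"})),
    # specified users from specified computers only
    Rule("hr-from-managed", "accept", "10.30.0.0/24", users=frozenset({"HR"}), computers=frozenset({"HR-PCs"})),
    # any user on specified computers
    Rule("kiosk-intranet", "accept", "10.20.0.0/24", computers=frozenset({"Kiosks"})),
    Rule("cleanup", "drop", "0.0.0.0/0"),
]


def _user_ok(rule: Rule, ident: Optional[Identity]) -> bool:
    """True if the rule's user criterion is 'any' or the identity's user/groups match it."""
    if not rule.users:
        return True
    if ident is None or ident.user is None:
        return False
    return ident.user in rule.users or not rule.users.isdisjoint(ident.user_groups)


def _computer_ok(rule: Rule, ident: Optional[Identity]) -> bool:
    """True if the rule's computer criterion is 'any' or the identity's computer/groups match it."""
    if not rule.computers:
        return True
    if ident is None or ident.computer is None:
        return False
    return ident.computer in rule.computers or not rule.computers.isdisjoint(ident.computer_groups)


def evaluate(src_ip: str, dst_ip: str, policy=POLICY, store=IDENTITY_STORE) -> dict:
    """Match a connection top-down against the policy and return a log-style record
    carrying the IP addresses, the resolved user and computer, and the rule hit."""
    ident = store.get(src_ip)          # None if no identity was acquired for this address
    dst = ip_address(dst_ip)
    for rule in policy:
        if dst not in ip_network(rule.dst):
            continue
        if _user_ok(rule, ident) and _computer_ok(rule, ident):
            return {
                "src": src_ip, "dst": dst_ip,
                "user": ident.user if ident else None,
                "computer": ident.computer if ident else None,
                "rule": rule.name, "action": rule.action,
            }
    raise ValueError("no rule matched; a policy should end with a cleanup rule")


if __name__ == "__main__":
    for src, dst in [("10.1.1.10", "10.10.0.5"),   # Finance user in the office: accept
                     ("172.16.5.20", "10.10.0.5"),  # same Finance user from home: accept
                     ("10.1.1.11", "10.10.0.5"),    # Engineering user: drop
                     ("172.16.5.31", "10.30.0.7"),  # HR user on an unmanaged PC: drop
                     ("10.1.1.50", "10.20.0.3"),    # kiosk, no user identity: accept by computer group
                     ("192.0.2.9", "10.10.0.5")]:   # no identity acquired for this address: drop
        print(evaluate(src, dst))
```

Each returned record is what a log row keyed on IP address, user and computer name looks like in this model; note that the last case has `user` and `computer` set to `None`, which is why any address the gateway cannot map to an identity can never satisfy an identity-based rule.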

Identity Awareness gets identities from the configured identity sources. See Identity Sources.

When Identity Awareness is configured, you can see logs in SmartConsole (the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on) based on IP address, user, and computer name in the Logs & Events > Logs tab. You can see events in the Logs & Events > Access Control views.

An Identity Awareness Security Gateway (a dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources) can share the identity information it acquires with other Identity Awareness Security Gateways. This way, users whose traffic passes through many Security Gateways are identified only once. See Advanced Identity Awareness Environment for more information.

Known Limitations

  • Identity Awareness does not support NAT. Identities are mapped to IP addresses, so the mapping is only meaningful for the addresses the identity was acquired for, not for translated ones.