Working with User Awareness
On the Users & Objects > User Awareness page, you can enable User Awareness if your Security Management Server is configured to work with this feature. User Awareness is the Check Point Software Blade that associates users with IP addresses for logging and control purposes.
The Security Management Server can connect to the Active Directory through a connected Security Gateway.
User Awareness lets you configure the Quantum Spark Appliance to enforce the Access Control Policy on individual users and groups. You can also include external identifiers provided by an Identity Source in Access Role matching. These external identifiers act like a tag that can be assigned to a specific user, device or group.
User Awareness lets you create rules for specified users in these Rule Bases:
- Firewall
- URL Filtering and Application Control
- Threat Prevention
- SSL Inspection
AD Query
AD Query is a clientless identity acquisition tool based on Active Directory integration; it is completely transparent to the user. It extracts user and computer information from the Active Directory Security Event Logs: the Security Gateway queries the Security Event Logs on the domain controllers and takes the mapping of users and computers to their network addresses from the events recorded there. The queries use Windows Management Instrumentation (WMI), a standard Microsoft protocol.
The Check Point Security Gateway communicates directly with the Active Directory domain controllers and does not require a separate server. No installation is necessary on the clients or on the Active Directory server.
Quantum Spark appliances support AD Query as an Identity Source. For configuration instructions, see the Identity Awareness Administration Guide for your version.
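The mapping step described above, as an added example written for this page (it is not Check Point's code and does not show the product's implementation): the records are assumed to have been read from a domain controller's Security log, for instance over WMI as Win32_NTLogEvent objects with EventCode, TimeGenerated and Message properties, and only Event ID 4624 (successful logon) is handled, whereas the product also draws on other events. The sample records are constructed. The example shows the details a parser of these events has to get right: a 4624 message carries two "Account Name" fields and only the one under "New Logon:" is the account that logged on; machine accounts (NAME$) identify the computer rather than a user; console and loopback logons and anonymous logons carry no usable address or identity; and the newest logon at an address replaces the previous one.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical record shape: the three properties of a Win32_NTLogEvent
# object that this example needs (EventCode, TimeGenerated in CIM DATETIME
# form, Message). Only Event ID 4624 ("An account was successfully logged
# on") is handled here; the real product also draws on other events.
LOGON_EVENT = 4624
# Addresses that carry no host identity: console logons and loopback.
UNROUTABLE = {"-", "::1", "127.0.0.1"}
SKIPPED_ACCOUNTS = {"-", "ANONYMOUS LOGON"}


@dataclass
class Identity:
    user: Optional[str] = None      # DOMAIN\user from the most recent user logon at this address
    computer: Optional[str] = None  # computer name, from the machine account (NAME$) logon
    last_seen: str = ""             # TimeGenerated of the event that last updated this entry


def make_4624(time, account, domain, address, station, logon_type=3):
    """Constructed sample 4624 record in the standard message layout (not a real export)."""
    return {
        "EventCode": LOGON_EVENT,
        "TimeGenerated": time,
        "Message": (
            "An account was successfully logged on.\n\n"
            "Subject:\n\tAccount Name:\t\t-\n\tAccount Domain:\t\t-\n\n"
            f"Logon Type:\t\t\t{logon_type}\n\n"
            "New Logon:\n"
            f"\tAccount Name:\t\t{account}\n"
            f"\tAccount Domain:\t\t{domain}\n\n"
            "Network Information:\n"
            f"\tWorkstation Name:\t{station}\n"
            f"\tSource Network Address:\t{address}\n"
            "\tSource Port:\t\t49211\n"
        ),
    }


# Constructed sample log: a workstation boots (machine account), alice logs on,
# a console logon on the DC itself, an anonymous logon, bob takes over the
# same workstation, and a logoff event (4634) that this parser ignores.
SAMPLE_EVENTS = [
    make_4624("20240301100500.000000-000", "alice", "CORP", "10.1.2.30", "WS-ALICE"),
    make_4624("20240301100000.000000-000", "WS-ALICE$", "CORP", "10.1.2.30", "WS-ALICE"),
    make_4624("20240301100100.000000-000", "svc-backup", "CORP", "-", "DC01", logon_type=2),
    make_4624("20240301100200.000000-000", "ANONYMOUS LOGON", "NT AUTHORITY", "10.1.2.99", "-"),
    make_4624("20240301101000.000000-000", "bob", "CORP", "10.1.2.30", "WS-ALICE"),
    {"EventCode": 4634, "TimeGenerated": "20240301101500.000000-000",
     "Message": "An account was logged off."},
]


def extract_field(text, name):
    """Return the value of a 'Name:<tabs>value' line in a 4624 message, or None."""
    m = re.search(rf"^\s*{re.escape(name)}:\s*(.*?)\s*$", text, re.M)
    return m.group(1) if m else None


def parse_logon_event(event):
    """Turn one 4624 record into an account-to-address mapping, or None if it carries none."""
    if event["EventCode"] != LOGON_EVENT:
        return None
    # A 4624 message has two "Account Name" fields; only the one under
    # "New Logon:" names the account that actually logged on.
    _, sep, new_logon = event["Message"].partition("New Logon:")
    if not sep:
        return None
    account = extract_field(new_logon, "Account Name")
    address = extract_field(new_logon, "Source Network Address")
    if not account or account in SKIPPED_ACCOUNTS or not address or address in UNROUTABLE:
        return None
    return {
        "account": account,
        "domain": extract_field(new_logon, "Account Domain"),
        "address": address,
        "workstation": extract_field(new_logon, "Workstation Name"),
        "time": event["TimeGenerated"],
    }


def build_ip_identity_map(events):
    """Replay logon events in time order; the newest logon at an address wins."""
    table = {}
    # CIM DATETIME strings with the same UTC offset sort correctly as text.
    for ev in sorted(events, key=lambda e: e["TimeGenerated"]):
        rec = parse_logon_event(ev)
        if rec is None:
            continue
        entry = table.setdefault(rec["address"], Identity())
        if rec["account"].endswith("$"):
            entry.computer = rec["account"][:-1]
        else:
            entry.user = f'{rec["domain"]}\\{rec["account"]}'
        entry.last_seen = rec["time"]
    return table


if __name__ == "__main__":
    for ip, ident in build_ip_identity_map(SAMPLE_EVENTS).items():
        print(f"{ip:15} user={ident.user} computer={ident.computer} seen={ident.last_seen}")
```

Two caveats follow directly from the mechanism: the Security log only contains these events when logon auditing is enabled on the domain controllers, and an identity derived this way stays attached to an address until a later logon from the same address replaces it. On a domain controller you can look at the same records with `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624}` to confirm that the events an identity source needs are actually being written.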
Identity Collector
Identity Collector is a dedicated client agent installed on Windows Servers in your network. Identity Collector collects information about identities and their associated IP addresses, and sends it to the Check Point Security Gateway for Identity enforcement.
Quantum Spark appliances support Identity Collector as an Identity Source in the versions R81.10.00 and higher.
For configuration instructions, see the Identity Awareness Clients Administration Guide.
Identity Broker
Identity Broker is an identity sharing method between Policy Decision Point (PDP) gateways. In a distributed environment with multiple Identity Awareness Security Gateways, the PDP gateways can share identities across different management domains; Identity Broker propagates the identities between them.
Quantum Spark Centrally Managed appliances support Identity Broker as an Identity Source in the versions R81.10.00 and higher. Quantum Spark Centrally Managed appliances require a Management Server that runs R81.10 Jumbo Hotfix Accumulator Take 66 and higher, or R81.20 and higher.
For configuration instructions, see the Identity Awareness Administration Guide for your version.