Check Point Identity Awareness Software Blade provides granular visibility of users, groups and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies. Centralized management and monitoring allow policies to be managed from a single, unified console.
Increases visibility of user activities
Improves control of corporate resources
Easy to deploy in any organization
“It took about five minutes to get Identity Awareness running and 30 minutes for Mobile Access. I just placed the 4200s in a clustered environment and it only took me about an hour and a half to bring those into production.”
Network Security Administrator
The Identity Awareness Software Blade allows you to easily add user, user-group and machine identity intelligence to your security defenses.
Adding identity intelligence via the Identity Awareness Software Blade is fast and easy with our built-in deployment wizard. In just a few simple steps you can add user, user-group and machine identity awareness and obtain valuable information to utilize in policies throughout your security infrastructure.
Step 1: Provide corporate access for specific groups or users, leveraging network-wide identity awareness.
Step 2: Provide your Active Directory credentials for the required domain.
Step 3: Create any rules you require for capturing identity information via the captive portal.
That’s all it takes. The Identity Awareness Software Blade will obtain identity information. If desired, you can change the options that you set in the wizard or deploy other methods, such as identity agents.
The Identity Awareness Software Blade is integrated into the Software Blade architecture. It can be easily and rapidly activated on existing Check Point Security Gateways, saving time and reducing costs by leveraging existing security infrastructure.
The Identity Awareness Software Blade provides multiple methods to obtain a user’s identity, including: AD Query, Browser-Based, or Identity Agents. Identity information can be used by relevant Software Blades to apply and enforce user-based policies.
An easy to deploy, clientless identity acquisition method. It is based on Active Directory integration and it is completely transparent to the user.
Acquires identities from unidentified users. You can configure these acquisition methods:
There are two types of Identity Agents:
Using Endpoint Identity Agents gives you:
RADIUS Accounting gets identity data from RADIUS Accounting Requests that are generated by the RADIUS accounting client. Identity Awareness uses the data from these requests to obtain user and device group information from the LDAP server.
Remote Access (VPN SSO)
Identities are acquired for Mobile Access clients and IPSec VPN clients when configured to work in Office Mode and when they connect to the Security Gateway.
Identity information can easily be shared, as required, on a single gateway or across the entire network. In a multiple gateway deployment, such as multiple branches or multiple gateways protecting internal resources, identity can be acquired on one gateway and shared amongst all gateways. The benefits of identity sharing include:
|Supported Appliance Families|
|Supported Operating Systems|
|Software Blades Interoperation|
|Identity Agent Platform Support|