
Identity Awareness and smart cards

Dear All,

I need to implement Identity Awareness on Check Point R77.30 for a client. The client would like to use smart cards to authenticate users on the GW. (The smart cards contain an SSL certificate and are already used to authenticate users on the network and to unlock their PCs.)

Could you please tell me if there is any documentation on how to implement Identity Awareness based on smart cards on Check Point?

Tags: identity awareness, identity agent, authentication, smart card


According to sk86441, Identity Awareness gets identities from these identity sources. You must enable them on the Gateway, from the Identity Awareness page of the Gateway object:

  • Active Directory (AD) Query
  • Browser-Based Authentication
  • Identity Agents (installed on the Endpoint)
  • Terminal Servers Agents
  • Radius Accounting
  • Remote Access
  • Identity Collector
  • Web API
CCSE / CCTE / CCME / CCSM Elite / SMB Specialist
Any means of authentication against AD should work for you, if you are using AD Query and/or Identity Collectors.

Please elaborate on the exact scenario. It is unclear if you mean "on the PC" auth or a direct auth on the GW. If the latter, please tell us how you see it.

Currently users use the smart card to authenticate themselves on their workstations.
Once authenticated, users access the company network.

Access filtering between users and applications is done via Check Point gateways, and this filtering is based only on source/destination IPs and the TCP/UDP port.

We then wish to add more security and traceability by setting up the Identity Awareness blade.

The customer does not wish to use AD Query, Log Collector, etc., and asked me to do a study on the possibility of using the smart card and the certificate it contains in order to identify users and apply access-control-type filtering.

Identity Awareness uses associations of User Identity (a combination of user auth details with some sort of authentication technique, such as AD, LDAP, etc., and machine identity for managed PCs) and the IP associated with the identified endpoint. The FW uses the IP to enforce rules associated with User Roles.

I suggest you look into sk86441 for the best scenario.
