This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
freeman91
Contributor
‎2025-02-28 01:34 AM
Jump to solution

Check Point Identity Collector - Windows Server firewall Permisoins

Hi all, 

I looked at all the threads related to Identity Collector, as well as the documentation for deploing Identity Collector and like other, I also have had a problem until I turned off firewall on windows server.

This is enough for me just to check if there is a connection issue to DC other then firewall. Now I want to turn on the firewall and allow only what is necessary. 
Are anyone here is willing to share setup of its windows firewall in case where its firewall is turned on, and connection with IC is green 🙂

Far now, I allowed only those 7 DCOM 135 rules  but it is not enough.

 

Screenshot_1.png

0 Kudos
1 Solution

Accepted Solutions
the_rock
MVP Platinum
MVP Platinum
‎2025-02-28 05:35 AM
In response to freeman91
Jump to solution

I just add a rule that says from fw to IC (bi-directionally), allow on any port, thats it.

Andy

Best,
Andy

View solution in original post

0 Kudos
7 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-02-28 03:12 AM
Jump to solution

HTTPS, DCOM, RPC, LDAP, DNS are needed depending on the server role. https://sc1.checkpoint.com/documents/Identity_Awareness_Clients_Admin_Guide/Content/Topics-IA-Client...

CCSM R77/R80/ELITE
0 Kudos
freeman91
Contributor
‎2025-02-28 05:10 AM
In response to Chris_Atkinson
Jump to solution

Can you assist me how does this rule looks like in firewall policy:

  • Add "Allow" rule

    Remote Event Log Management > Remote Event Log Management (RPC)
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-02-28 05:35 AM
In response to freeman91
Jump to solution

I just add a rule that says from fw to IC (bi-directionally), allow on any port, thats it.

Andy

Best,
Andy
0 Kudos
freeman91
Contributor
‎2025-02-28 05:59 AM
In response to the_rock
Jump to solution

Ok, I can accept that as a good workaround solution. 

 

Thank you!

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-02-28 06:01 AM
In response to freeman91
Jump to solution

Glad we can help. Btw, since we all do IT security here, goes without saying ports should always be indicated whenever possible, but at the end of the day, this is just internal communication, so I dont find it would be a huge deal...just my 2 cents.

Andy

Best,
Andy
0 Kudos
freeman91
Contributor
‎2025-02-28 06:05 AM
In response to the_rock
Jump to solution

I can agree. Just bc it is internal communication between DC and IC, any any policy with specified source and destination will do a job.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-02-28 06:08 AM
In response to freeman91
Jump to solution

Though you can always follow what Chris gave, its an official reference.

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events