Carlos Machado

User Directory vs. Identity Awareness

Discussion created by Carlos Machado on May 7, 2018
Latest reply on Nov 13, 2018 by Willem Goethals

Hi, community!


One of our customers is asking for clarification regarding these two blades and honestly we’re kinda having a hard time giving it to them, since the information in course material and admins guides isn't clear enough for them.


I know - and please correct me if I'm wrong or not entirely right - UD is a management blade that will allow us to communicate with an LDAP server and manage users on that server directly from our Check Point infrastructure, as well as define authentication schemes for them; whereas IA will use the identities retrieved from, let's say, an AD, and maps them to their IPs and machine names so we can use that information in rules through access roles.


We've tried that "management vs enforcement" point of view, but they get confused because according to them, some parts of the material state you can have IA without UD, but then the guide says IA uses UD. So, and I quote them, "which one is it?"


Thanks in advance for your comments!


EDIT: they're running R80/R80.10.