Configuring Checkpoint Next-Generation Firewall

The Checkpoint firewall detects traffic from an endpoint that matches a security policy configured with access roles. It determines the role(s) associated with that user and allows or denies the traffic based on the actions configured in the security policy.

Configuring Identity Awareness

Identity Awareness lets you easily configure network access and auditing based on network location, user identity, and device identity. When Identity Awareness identifies a source or destination, it shows the IP address of the user or computer together with a name. This lets you create firewall rules based on any of these properties: for example, a rule for specific users only when they send traffic from specific computers, or a rule for a specific user regardless of which computer they send traffic from.

To enable Identity Awareness:

  1. Log in to the SmartDashboard UI, expand Checkpoint under Network Objects, and then double-click the network object.

Figure 106: Enabling Identity Awareness

  2. Update the Checkpoint firewall general properties.

Figure 107: Checkpoint Gateway Settings

  3. Select Terminal Servers and note down the pre-shared secret key; this is the shared secret key. Under Accessibility, click Edit and set the TS agent to access the Checkpoint firewall through all interfaces.

Figure 108: Identity Awareness

  4. Create access roles, for example engg_role and remed_role, or Full_Access_Role and Limited_Access_Role as used in the policy example below. The role names must match the role names created on PPS.

Figure 109: Creating Access Roles

  5. Click Policy and then configure the required policies. For example, the Full_Access_Role policy allows traffic from a client with Full_Access_Role, the Limited_Access_Role policy denies traffic from a client with Limited_Access_Role, and the default_allow policy allows all traffic. The Full_Access_Role policy is at the top of the list because rules are evaluated in order and it should be considered first.

Figure 110: Security Policy based on Access Roles

  6. Click Install Policy.
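As an added illustration that is not part of this guide or of Check Point's or PPS's software, the following Python model applies first-match evaluation to the three-rule policy from the steps above and flags any rule that an earlier rule shadows (the situation that arises if default_allow is placed above the Limited_Access_Role deny). The IP-to-role table, the sample rule order and the implicit final drop are constructed assumptions.

```python
# Added example (not Check Point or PPS code): first-match model of the
# access-role rulebase described in the steps above, plus a shadowing check.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    source_role: Optional[str]  # None matches any source (e.g. default_allow)
    action: str                 # "accept" or "drop"


# Constructed sample data: roles Identity Awareness has learned for each source
# IP (as PPS would report them). The unidentified host has no roles at all.
IDENTITY_TABLE: Dict[str, Set[str]] = {
    "10.1.1.10": {"Full_Access_Role"},
    "10.1.1.20": {"Limited_Access_Role"},
    "10.1.1.30": set(),
}

# Rule order as configured in the steps above: role rules first, default_allow last.
RULEBASE: List[Rule] = [
    Rule("Full_Access_Role", "Full_Access_Role", "accept"),
    Rule("Limited_Access_Role", "Limited_Access_Role", "drop"),
    Rule("default_allow", None, "accept"),
]


def rule_matches(rule: Rule, roles: Set[str]) -> bool:
    return rule.source_role is None or rule.source_role in roles


def evaluate(rulebase: List[Rule], src_ip: str) -> Tuple[str, str]:
    """Return (rule name, action) for the first rule that matches the source."""
    roles = IDENTITY_TABLE.get(src_ip, set())
    for rule in rulebase:
        if rule_matches(rule, roles):
            return rule.name, rule.action
    return "implicit_drop", "drop"  # assumed behaviour when nothing matches


def shadowed_rules(rulebase: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier rule already
    matches every source they would match (an any-source rule or a rule
    for the same role placed above them)."""
    shadowed = []
    for i, rule in enumerate(rulebase):
        for earlier in rulebase[:i]:
            if earlier.source_role is None or earlier.source_role == rule.source_role:
                shadowed.append(rule.name)
                break
    return shadowed
```

Running shadowed_rules against a rulebase with default_allow moved to the top reports both role rules as unreachable, which is the misordering step 5 warns against.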