The Check Point firewall uses access roles to detect traffic from an endpoint that matches a configured security policy. It determines the role(s) associated with that user and allows or denies the traffic based on the actions configured in the security policy.
Identity Awareness lets you easily configure network access and auditing based on network location, user identity, and device identity. When Identity Awareness identifies a source or destination, it shows the IP address of the user or computer together with a name. This lets you create firewall rules based on any of these properties. For example, you can define a firewall rule for specific users when they send traffic from specific computers, or a firewall rule for a specific user regardless of which computer they send traffic from.
To enable Identity Awareness:
Figure 106: Enabling Identity Awareness
Figure 107: Check Point Gateway Settings
Figure 108: Identity Awareness
the Role names created on PPS.
Figure 109: Creating Access Roles
Figure 110: Security Policy based on Access Roles