Configuring UserCheck

Enable or disable UserCheck directly on the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. . If users connect to the Security Gateway remotely, set the internal interface of the Security Gateway (on the Topology page) to be the same as the Main URL for the UserCheck Portal .

Go to the gateway editor, > UserCheck , and select Enable UserCheck for active blades .

In the UserCheck Web Portal section:

The Main URL field shows the primary URL for the web portal that shows the UserCheck notifications.

You can use the suggested Main URL or manually enter a different Main URL .

Note - The Main URL field contains an IP address and not a DNS name. Update the Main URL field If you change a Security Gateway 's IPv4 address to IPv6 address, or the other way around, .

Click Aliases to add URL aliases that redirect different hostnames to the Main URL . For example: Usercheck.mycompany.com

The aliases must be resolved to the portal IP address on the corporate DNS server.

By default, the portal uses a certificate from the Check Point Internal Certificate Authority (ICA Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication. ). This might generate warnings if the user browser does not recognize Check Point as a trusted Certificate Authority . To prevent these warnings, import your own certificate from a recognized external authority.

Note - After you download your certificate, you can click Replace to replace it with a different certificate, and click View to see the certificate information.

In the Accessibility section, click Edit to configure interfaces on the Security Gateway through which the portal can be accessed. These options are based on the topology configured for the Security Gateway . The topology must be configured.

• Through all interfaces
• Through internal interfaces (default)
  • Including undefined internal interfaces
  • Including DMZ internal interfaces
  • Including VPN encrypted interfaces (default) - Interfaces used for establishing route-based VPN tunnels (VTIs).

  If the Main URL is set to an external interface, you must set the Accessibility option to one of these:

  • Through all interfaces - Necessary in VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. environment
  • According to the Firewall Policy

  UserCheck Client - The UserCheck Client is installed on Endpoint devices to communicate with the Security Gateway and show UserCheck Interaction notifications to users.

  • Activate UserCheck Client support - This enables UserCheck through the client.
  • Click Download Client to download the installation file for the UserCheck Client .

  Note - The link is not active until the UserCheck Portal is up.

  For more information about installation and configuration of the UserCheck Client , see .

  In the Mail Server section, configure a mail server for UserCheck . This server sends notifications to users that the Security Gateway cannot notify using other means, if the server knows the email address of the user. For example, if a user sends an email which matched on a rule, the Security Gateway cannot redirect the user to the UserCheck Portal because the traffic is not HTTP.

  • Use the default settings - Click the link to see which mail server is configured.
  • Use specific settings for this gateway - Select this option to override the default mail server settings.
  • Send emails using this mail server - Select a mail server from the list, or click New and define a new mail server.

  If there is encrypted traffic through an internal interface, add a new rule to the Firewall Layer of the Access Control Policy.