Configuring UserCheck

Configuring the Security Gateway for UserCheck

Enable or disable UserCheck directly on the Security Gateway. The Application and URL Filtering tab > Gateways window shows a list of Security Gateways with the Application Control blade enabled.

Note - When you enable UserCheck on a Security Gateway that is on an IP Series appliance, make sure to set the Voyager management application port to a port other than 443 or 80.

To configure a Security Gateway for UserCheck:

  1. Select a Security Gateway and click Edit.

    The Properties window opens.

  2. On the UserCheck page, select Enable UserCheck.
  3. Enter the information for the UserCheck portal:
    • In the Main URL field, enter the primary URL for the web portal that shows the UserCheck notifications.

      Notes -

      • If the Main URL points to an external interface, the Accessibility option must be set to one of these:
        • Through all interfaces
        • According to the Firewall Policy
      • If users connect to the Security Gateway remotely, set the Security Gateway internal interface (on the Topology page) to be the same as the Main URL for the UserCheck portal.
    • In the IP address field, enter the IP address that the URL resolves to.
    • Click Aliases to add URL aliases that redirect different hostnames to the Main URL, for example: Usercheck.mycompany.com. The aliases must be resolved to the portal IP address on the corporate DNS server.
  4. In the Certificate area, click Import to import a certificate that the portal uses to authenticate to the server.

    By default, the portal uses a certificate from the Check Point Internal Certificate Authority (ICA). This might generate warnings if the user browser does not recognize Check Point as a trusted Certificate Authority. To prevent these warnings, import your own certificate from a recognized external authority.

  5. In the Accessibility area, click Edit to configure interfaces on the Security Gateway through which the portal can be accessed. These options are based on the topology configured for the Security Gateway. Users are sent to the UserCheck portal if they connect:
    • Through all interfaces
    • Through internal interfaces (default)
      • Including undefined internal interfaces
      • Including DMZ internal interfaces
      • Including VPN encrypted interfaces (default)

    Note - If Including VPN encrypted interfaces is selected, add a Firewall rule that looks like this:

    | Source | Destination | VPN | Service | Action |
    |---|---|---|---|---|
    | Any | Security Gateway on which UserCheck client is enabled | Any Traffic | UserCheck | Accept |


    • According to the Firewall Policy. Select this option if there is a rule that states who can access the portal.
  6. Click OK.
  7. Install Policy.

Note - The Security Gateway has an internal persistence mechanism that preserves UserCheck notification data if the Security Gateway or cluster reboots. Records of a user answering or receiving notifications are never lost.
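The alias requirement in step 3 (every alias must resolve to the portal IP address on the corporate DNS server) can be checked before you install policy. The script below is an added example, not Check Point code; the hostnames, the 192.0.2.x addresses and the function names are constructed placeholders.

```python
import ipaddress
import socket


def system_resolver(hostname):
    """Resolve hostname with the local resolver; return a set of IP strings."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_aliases(portal_ip, hostnames, resolver=system_resolver):
    """Return {hostname: (status, addresses)} for the Main URL host and aliases.

    "ok" = every record equals portal_ip, "unresolved" = no records,
    "mismatch" = at least one record points away from the portal.
    """
    expected = ipaddress.ip_address(portal_ip)
    results = {}
    for name in hostnames:
        addrs = {ipaddress.ip_address(a) for a in resolver(name)}
        if not addrs:
            status = "unresolved"
        elif addrs == {expected}:
            status = "ok"
        else:
            status = "mismatch"
        results[name] = (status, sorted(str(a) for a in addrs))
    return results


# Constructed sample data standing in for the corporate DNS server.
SAMPLE_DNS = {
    "usercheck.mycompany.com": {"192.0.2.10"},
    "uc.mycompany.com": {"192.0.2.10", "192.0.2.99"},  # stale extra record
    "block.mycompany.com": set(),                       # record missing
}


def sample_resolver(hostname):
    return SAMPLE_DNS.get(hostname.lower(), set())


if __name__ == "__main__":
    report = check_aliases("192.0.2.10", SAMPLE_DNS, resolver=sample_resolver)
    for host, (status, addrs) in report.items():
        print(f"{host:28} {status:10} {', '.join(addrs) or '-'}")
```

To check the real configuration, omit the `resolver` argument and run the script from a client that uses the corporate DNS server.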

UserCheck CLI

You can use the usrchk command in the gateway command line to show or clear the history of UserCheck objects.

Description: usrchk

Syntax: usrchk [debug] [hits]

Parameters:

  • debug - Controls debug messages
  • hits - Shows user incident options:
    • list - Options to list user incidents
      • all - List all existing incidents.
      • user <username> - List incidents of a specified user.
      • uci <name of interaction object> - List incidents of a specified UserCheck interaction object.
    • clear - Options to clear user incidents
      • all - Clear all existing incidents.
      • user <username> - Clear incidents for a specified user.
      • uci <name of interaction object> - Clear incidents of a specified UserCheck interaction object.
    • db - User hits database options


Examples:

  • To show all UserCheck interaction objects, run: usrchk hits list all
  • To clear the incidents for a specified user, run: usrchk hits clear user <username>

Notes:

  • You can only run a command that contains user <username> if:
    • Identity Awareness is enabled on the gateway.
    • Identity Awareness is used in the same policy rules as UserCheck objects.
  • To run a command that contains a specified UserCheck interaction object, first run usrchk hits list all to see the names of the interaction objects. Use the name of the interaction object as it is shown in the list.

Revoking Incidents

The Revoke Incidents URL can revoke a user's responses to UserCheck notifications. The URL is:

://<IP of gateway>/UserCheck/RevokePage

If users regret their responses to a notification and contact their administrator, the administrator can send users the URL.

After a user goes to the URL, all of the user's responses to notifications are revoked. The logs in SmartView Tracker will show the user's activity, and that the actions were revoked afterwards.

Administrators can use the usrchk command of the CLI to revoke incidents for one user, all users, or a specified interaction object.

 
©2013 Check Point Software Technologies Ltd. All rights reserved.