Enable or disable UserCheck directly on the Security Gateway. The Gateways page in the Software Blade tab shows the Security Gateways that use that Software Blade. Make sure that UserCheck is enabled on each Security Gateway in the network.

The Security Gateway has an internal persistence mechanism that preserves UserCheck notification data if the Security Gateway or cluster reboots. Records of a user answering or receiving notifications are never lost.
When you configure the Main URL of the UserCheck portal, if it is set to an external interface, the Accessibility option must be set to one of these:
If users connect to the Security Gateway remotely, make sure that the Security Gateway internal interface (in the Topology page) is the same as the Main URL for the UserCheck portal.
If you are using internal encrypted traffic, add a new rule to the Firewall Rule Base. This is a sample rule:
| Source | Destination | VPN | Service | Action |
|---|---|---|---|---|
| Any | Security Gateway on which UserCheck client is enabled | Any Traffic | UserCheck | Accept |
Note - When you enable UserCheck on an IP appliance, make sure to set the Voyager management application port to a port other than 443 or 80.
To configure UserCheck on a Security Gateway:
The Gateway Properties window opens.
The UserCheck page opens.
Note - The Main URL field must be manually updated if:
The aliases must be resolved to the portal IP address on the corporate DNS server.
By default, the portal uses a certificate from the Check Point Internal Certificate Authority (ICA). This might generate warnings if the user's browser does not recognize Check Point as a trusted Certificate Authority. To prevent these warnings, import your own certificate from a recognized external authority.
Note: Make sure to add a rule to the Firewall Rule Base that allows the encrypted traffic.
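One way to verify the alias requirement above (each alias must resolve to the portal IP address on the corporate DNS server), as an added example that is not part of the Check Point documentation. The host names, the sample Main URL and the addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def host_of(value):
    """Extract the host from a Main URL or a bare alias name."""
    parts = urlsplit(value if "://" in value else "//" + value)
    if not parts.hostname:
        raise ValueError(f"no host in {value!r}")
    return parts.hostname


def resolve(host):
    """Addresses the local resolver returns for host (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return set()
    return {info[4][0].split("%")[0] for info in infos}


def check_portal_names(main_url, aliases, portal_ip, resolver=resolve):
    """Map each portal name to 'ok', 'mismatch' or 'unresolved'.

    'mismatch' covers any answer other than exactly the portal IP, including
    a name that resolves to the portal IP plus some other address.
    """
    want = ipaddress.ip_address(portal_ip)
    report = {}
    for name in [main_url, *aliases]:
        host = host_of(name)
        got = {ipaddress.ip_address(a) for a in resolver(host)}
        if not got:
            report[host] = "unresolved"
        elif got == {want}:
            report[host] = "ok"
        else:
            report[host] = "mismatch"
    return report


# Constructed sample data (documentation addresses, hypothetical names).
SAMPLE_DNS = {
    "usercheck.example.com": {"192.0.2.10"},
    "uc.example.com": {"192.0.2.10", "198.51.100.7"},
    "192.0.2.10": {"192.0.2.10"},
}

if __name__ == "__main__":
    lookup = lambda h: SAMPLE_DNS.get(h, set())
    for host, status in check_portal_names(
            "https://usercheck.example.com/UserCheck",
            ["uc.example.com", "block.example.com"], "192.0.2.10", lookup).items():
        print(f"{host:28} {status}")
```

Run it from a client that uses the corporate DNS server and omit the `resolver` argument to query the real resolver; any name reported as `mismatch` or `unresolved` will not reach the portal reliably.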
You can use the usrchk command in the gateway command line to show or clear the history of UserCheck objects.
Syntax: usrchk [debug] [hits]
Parameters:
| Parameter | Description |
|---|---|
| debug | Controls debug messages |
| hits | Shows user incident options: list - Options to list user incidents; clear - Options to clear user incidents; db - user hits database options |
Examples:
usrchk hits list all
usrchk hits clear user <username>
Notes:
user <username> if:
usrchk hits list all to see the names of the interaction objects. Use the name of the interaction object as it is shown in the list.

The Revoke Incidents URL can revoke a user's responses to UserCheck notifications. The URL is:
://<IP of gateway>/UserCheck/RevokePage
If users regret their responses to a notification and contact their administrator, the administrator can send users the URL.
After a user goes to the URL, all of the user's responses to notifications are revoked. The logs in SmartView Tracker will show the user's activity, and that the actions were revoked afterwards.
Administrators can use the usrchk command of the CLI to revoke incidents for one user, all users, or a specified interaction object.