You can use the Identity Awareness Configuration Utility to create custom Endpoint Identity Agent installation packages (the Identity Awareness Configuration Utility - IAConfigTool.exe
- is installed as part of Endpoint Identity Agent). Endpoint Identity Agents have many advanced configuration parameters. Some of these parameters are related to the installation process, while others are related to Endpoint Identity Agent functionality. All of the configuration parameters have default values that are deployed with the product and can remain unchanged.
Endpoint Identity Agent Type |
Description |
---|---|
Full |
Predefined Endpoint Identity Agent that includes packet tagging and computer authentication. It applies to all users of the computer, on which it is installed. Administrator permissions are required to use the Full Endpoint Identity Agent type. |
Light |
Predefined Endpoint Identity Agent that does not include packet tagging and computer authentication. You can install this Endpoint Identity Agent individually for each user on the target computer. Administrator permissions are not required. |
Terminal Servers |
Predefined Endpoint Identity Agent that installs Managed Asset Detection (MAD) services and the Multi-user host driver on Citrix and Terminal Servers. This Endpoint Identity Agent type cannot be used for endpoint computers. |
Custom |
Lets you configure custom features for all computers that use this agent, such as MAD services and packet tagging. |
You must install Microsoft .NET Runtime framework 4.0 or higher before you install and run the Endpoint Identity Agent Configuration Tool.
To install the .NET Runtime Framework v4.0:
To create a custom Endpoint Identity Agent installation package, you must first copy the customizable MSI file from the Security Gateway to your management computer. This is the computer, on which you use the Endpoint Identity Agent Configuration Tool.
To get the customizable MSI file:
/opt/CPNacPortal/htdocs/nac/nacclients/customAgent.msi
You must use the original copy of the MSI file when you work with the Endpoint Identity Agent Configuration Tool.
You must install Endpoint Identity Agent v2.0 or above (from Security Gateway R77 or above) on your management client computer. The Configuration Tool is installed in the Endpoint Identity Agent installation directory.
To install the Endpoint Identity Agent on your client computer:
/opt/CPNacPortal/htdocs/nac/nacclients/fullAgent.exe
/opt/CPNacPortal/htdocs/nac/nacclients/lightAgent.exe
To run the Endpoint Identity Agent Configuration Tool:
The Endpoint Identity Agent Configuration Tool opens.
You configure all features and options in the Endpoint Identity Agent Configuration Tool window.
MSI Package Path
Enter or browse to the source installation package. You must use a Check Point customizable MSI file as the source for the configuration tool.
Installation Type
Select whether the Endpoint Identity Agent applies to one user or to all users of the computer, on which it is installed.
Installation UI
Select one of these end user interaction options:
Endpoint Identity Agent Type
Select the type of Endpoint Identity Agent to install:
Custom Features
Select these features for the Custom Endpoint Identity Agent type:
Copy configuration
Save
Click to save this configuration to a custom MSI file. Enter a name for the MSI file.
To deploy a custom Endpoint Identity Agent with the Captive Portal:
customAgent.msi
package to the /opt/CPNacPortal/htdocs/nacclients/
directory on the Security Gateway.