Check Point Full Disk Encryption Self-Help Portal

The Self-Help Portal lets users reset their own passwords for Full Disk EncryptionClosed A component on Endpoint Security Windows clients. This component combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. Acronym: FDE.. To use the Self-Help Portal, the user must register to the portal first. After registration users can use the Self-Help Portal for password recovery.

The Self-Help Portal only works with Active Directory users. Make sure that the Endpoint Security Active Directory Scanner is configured and that the Active Directory is scanned.

The portal is available for desktop and mobile devices.

For supported browsers and devices, see the R80.40 Release Notes.

Activating the Self-Help Portal

You must enable the Self-Help Portal on the Endpoint Security Management ServerClosed A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data. to activate it.

Note - In Gaia Portal > Hosts and DNS page, make sure to configure:

  • The DNS Sever

  • Domain Name

  • DNS suffix

To enable the Self-Help Portal:

On the Endpoint Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server., run these commands:

cd $UEPMDIR/engine/scripts

selfhelp_cmd enable

Note that this restarts the Endpoint Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

After activation, the Self-Help Portal is available at:

http://<IP Address of Endpoint Security Management Server>/eps_shp

To disable the Self-Help Portal, run:

selfhelp_cmd disable

To query the status the Self-Help Portal, run:

selfhelp_cmd status

Configuring the Self-Help Portal

The Self-Help Portal only works with Active Directory users. Before you can use the Portal, make sure that the Endpoint Security Active Directory Scanner is configured and that the Active Directory is scanned.

Users must be authorized for Pre-bootClosed Authentication before the Operating System loads. on one or more computers before they register in the Portal.

To configure Self-Help Portal settings in SmartEndpoint:

  1. In the Policy Tab, in a OneCheck User Settings ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session., right-click the Allow password Self Help action and select Edit.

  2. Select Allow password self-help to let users recover their password by answering questions. Clear the option to not let users recover their password by answering questions.

  3. Make selections to configure the options for Enrollment to the Portal and Password Assistance.

  4. Click Questions Bank to select which questions are asked for user enrollment to the Self-Help Portal.

  5. Click OK.

  6. Click OK.

  7. Save.

  8. Click Install Policy and select the Self-Help Settings Policy.

Users can register to the Self-Help Portal and use it to recover passwords.

The portal address is:

http://<IP Address of Endpoint Security Management Server>/eps_shp

User Settings for the Self-Help Portal

You can force users to re-register to the Self-Help Portal or block users from recovering password in the portal.

To change a user's settings for the Self-Help Portal:

  1. In SmartEndpointClosed A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies., in the Users and Computers tab, right-click on a user and select User Authentication (OneCheck).

  2. Select Reset Self-Help Enrollment to force the user to re-register to the portal.

    Select Lock Password Self-Help to prevent users from recovering passwords in the portal.

  3. A confirmation message shows. Click Yes.

Monitoring the Self-Help Portal Policy

To see the status of user enrollment and recovery for the Self-Help Portal:

In SmartEndpoint, in the Reporting tab, select User Authentication Policy > Self Help Status.