Web Remote Help

Administrators can use the built-in Remote Help or online portal on the Endpoint Security Management Server, or create a dedicated server for the online web portal.

Administrators can authenticate to the web portal with these authentication methods:

Turning on Web Remote Help on Endpoint Security Management Server

You must turn on the Web Remote Help in SmartEndpoint before you can use it.

To turn on the Web Remote Help:

  1. In SmartEndpoint, go to Manage > Endpoint Servers.

    The Endpoint Servers window opens.

  2. Double-click on the name of a server in the list.

  3. Select Endpoint Remote Help Server.

  4. Click Next.

  5. Install Database.

When you turn on or turn off the Web Remote Help, the Endpoint Security Management Server restarts and all connections with client computers and SmartEndpoint sessions get disconnected.

Configuring the Length of the Remote Help Response

Administrators can configure how many characters are in the Remote Help response that users must enter. The default length is 30 characters.

To change the length of the Remote Help response:

  1. In the Policy tab, Full Disk Encryption rule, double-click the Pre-boot Protection action.

  2. In the Pre-boot Protection Properties window, click Advanced Pre-boot Settings.

  3. In the Advanced Pre-boot Settings window, Remote Help area, select a Remote Help response length.

  4. Click OK.

  5. Click OK.

  6. Install policy.

Logging into Web Remote Help portal

You can log in to the Web Remote Help portal using one of these methods:

  • Password Login

  • Token Login

Password Login is the default method and shows when you first connect to the portal. The link in the bottom right corner of the Endpoint Security Web Remote Help window lets you toggle between the two login methods.

To log in using the Password Login method:

  1. Enter a User Name and select a domain name from the Domains list.

    Notes -

    • You can set the user name in UPN format, for example: UserName@example.com

    • Domain name for the internal users is internal-users

  2. Enter the Password.

  3. Click Log In.

To log in using the Token Login method:

  1. Enter a User Name and select a domain name from the Domains list.

    Notes -

    • You can set the user name in UPN format, for example: UserName@ExampleCompany.com

    • Domain name for the internal users is internal-users

  2. Click Next.

  3. Enter the Challenge string into your token.

  4. Enter the Response generated by the X.99 Token.

  5. Click Login.

Configuring a Standalone Web Remote Help Server

You can use the built-in Remote Help or online portal on the Endpoint Security Management Server, or create a dedicated, standalone server for the online web portal.

To configure a standalone Remote Help Server:

  1. In SmartEndpoint, go to Manage > Endpoint Servers.

    The Endpoint Server window opens.

  2. Click New.

  3. Select an Endpoint Security Management Server.

  4. In the window that opens, select Endpoint Security Management Server.

  5. Enter Server Name and IP Address.

  6. Select a color (optional).

  7. Enter a comment (optional).

  8. Click Next.

  9. Create SIC trust between the Primary Endpoint Security Management Server and the Remote Help server:

    1. Enter the same SIC Activation Key as the one you entered in the Check Point Configuration Tool.

    2. Click Initialize to create a state of trust between the Endpoint Security Management Servers.

    3. If trust creation fails, click Test SIC Status to see troubleshooting instructions.

    4. If you have to reset the SIC, click Reset, reset the SIC on the Remote Help server, then click Initialize.

    5. Click Next.

  10. Install Database on all servers.

Managing Web Remote Help Accounts

You can do these web Remote Help account management actions:

  • Add web Remote Help accounts

  • Delete web Remote Help accounts

  • Edit web Remote Help accounts

  • Search for existing web Remote Help accounts

Adding a Web Remote Help Account

To add a web Remote Help account:

  1. In SmartEndpoint, go to Manage > Web Remote Help Accounts.

    The Web Remote Help Accounts window opens.

  2. Click New.

    The Web Remote Help Account wizard opens.

  3. Select a User type:

    • Existing User/Group - AD user or group

    • Local User - Check Point user

  4. Click Next.

  5. Configure login credentials:

    User type & Authentication, followed by the Credentials to configure:

    • Existing user with AD authentication

      1. In the Login field, type the name of a user from the AD (auto-complete field).

      2. In the Login Method, select AD Authentication.

    • Existing user with Token authentication

      1. In the Login field, type the name of a user from the AD (auto-complete field).

      2. In the Login Method, select Token.

      3. Click Select.

      4. Select a token.

      5. Click OK.

    • Local user with fixed password authentication

      1. In the Login field, type the login name of a user.

      2. In the Login Method, select Password.

    • Local user with Token authentication

      1. In the Login field, type the login name of a user.

      2. In the Login Method, select Token.

      3. Click Select.

      4. Select a token.

      5. Click OK.

    • AD Group/OU with AD Authentication

      1. In the Login field, type the name of a group from the AD (auto-complete field).

      2. In the Login Method, select AD Authentication.

      Note - Token authentication is not supported for AD Group/OU.

  6. Click Next.

  7. Set the expiration date (optional):

    1. Select Expiration.

    2. Select a Start Date.

    3. Select an Expiration Date.

  8. Set the location, if necessary:

    1. In the Account Details section, click Add.

    2. Enter a location or select one from the list.

  9. Click Finish.

To disable the Web Remote Help account:

Select Disable remote help account. When you create a new account, it is enabled by default.

Editing a Web Remote Help Account

To edit a web Remote Help account:

  1. In SmartEndpoint, go to Manage > Web Remote Help Accounts.

    The Web Remote Help Accounts window opens.

  2. Select an existing account from the list.

  3. Click Edit.

    The Web Remote Help Account Configuration window opens.

  4. Change the configuration as necessary.

    Note - you cannot change the type of an existing account.

Deleting a Web Remote Help Account

To delete a web Remote Help account:

  1. In SmartEndpoint, go to Manage > Web Remote Help Accounts.

    The Web Remote Help Accounts window opens.

  2. Select an existing account from the list.

  3. Click Delete.

  4. Click OK.

Searching for an Existing Web Remote Help Account

To search for an existing web Remote Help account:

  1. In SmartEndpoint, go to Manage > Web Remote Help Accounts.

    The Web Remote Help Accounts window opens.

  2. In the search box, type in the name of an account.

    The list of results shows.

Configuring SSL Support for AD Authentication

To use Remote Help with AD password, it is necessary for the Remote Help server to connect to the domain controller with SSL.

To configure SSL Support:

  1. Get an SSL certificate from your Domain Controller.

  2. Import the SSL certificate to the Endpoint Security Management Server. See sk84620 for how to install the Domain Controller certificate on the Remote Help server.

  3. Run this CLI command on the Endpoint Security Management Server to activate the SSL connection:

    $UEPMDIR/system/install/wrhAuthConfig

Note - Web Remote Help works with LDAPS or LDAP authentication only. Mixed mode is not supported.
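
A pre-flight check for the certificate used in the steps above, as an added example that is not Check Point code: it saves the certificate a domain controller presents on LDAPS port 636, confirms it is unexpired and issued for that host name, and flags a directory list that mixes ldap:// and ldaps:// URIs. The function names, the output file name, and the reading of "mixed mode" as mixed URI schemes are assumptions; it needs only the OpenSSL command-line tool.

```sh
#!/bin/sh
# Added example: pre-flight checks before activating LDAPS for Web Remote Help.
# Host names, paths and function names are placeholders chosen for this sketch.

# Save the leaf certificate a domain controller presents on its LDAPS port.
fetch_dc_cert() {   # usage: fetch_dc_cert <dc-host> <out.pem> [port]
    openssl s_client -connect "$1:${3:-636}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM -out "$2"
}

# Succeed only if the certificate is unexpired and valid for <dc-host>.
check_dc_cert() {   # usage: check_dc_cert <cert.pem> <dc-host>
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo "expired or unreadable: $1" >&2; return 1
    fi
    if ! openssl x509 -in "$1" -noout -checkhost "$2" |
            grep -q "does match certificate"; then
        echo "name mismatch: $1 is not valid for $2" >&2; return 1
    fi
}

# Classify directory URIs; prints ldaps, ldap, mixed or invalid.
# Assumption: "mixed mode" means ldap:// and ldaps:// used side by side.
ldap_mode() {
    lm_secure=0; lm_plain=0
    for lm_uri in "$@"; do
        case "$lm_uri" in
            ldaps://?*) lm_secure=1 ;;
            ldap://?*)  lm_plain=1 ;;
            *) echo invalid; return 2 ;;
        esac
    done
    case "$lm_secure$lm_plain" in
        11) echo mixed; return 1 ;;
        10) echo ldaps ;;
        01) echo ldap ;;
        *)  echo invalid; return 2 ;;
    esac
}

# When run as: script <dc-host>..., fetch and check each certificate.
for dc in "$@"; do
    pem="./$dc.ldaps.pem"
    fetch_dc_cert "$dc" "$pem" && check_dc_cert "$pem" "$dc" &&
        openssl x509 -in "$pem" -noout -subject -enddate -fingerprint -sha256
done
```

Compare the printed SHA-256 fingerprint with the certificate exported on the domain controller before you import it, since a certificate fetched over the network is only as trustworthy as the path it came over.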