In This Section: |
Enable or disable UserCheck directly on the Security Gateway. Make sure that the UserCheck is enabled on each Security Gateway in the network.
The Security Gateway has an internal persistence mechanism that preserves UserCheck notification data if the Security Gateway or cluster reboots. Records of a user answering or receiving notifications are never lost.
To configure UserCheck on a Security Gateway:
The Gateway Properties window opens.
The UserCheck page opens.
In the Main URL field, enter the primary URL for the web portal that shows the UserCheck notifications.
If users connect to the Security Gateway remotely, make sure that the Security Gateway internal interface (in the Network Management page) is the same as the Main URL.
Note - The Main URL field must be manually updated if:
The aliases must be resolved to the portal IP address on the corporate DNS server
By default, the portal uses a certificate from the Check Point Internal Certificate Authority (ICA). This might generate warnings if the user browser does not recognize Check Point as a trusted Certificate Authority. To prevent these warnings, import your own certificate from a recognized external authority.
Users are sent to the UserCheck portal if they connect:
Note: Make sure to add a rule to the Firewall Rule Base that allows the encrypted traffic.
If the Main URL is set to an external interface, you must set the Accessibility option to one of these:
Source |
Destination |
VPN |
Services & Applications |
Action |
Any |
Security Gateway on which UserCheck client is enabled |
Any |
UserCheck |
Accept |
The Revoke Incidents URL can revoke a user's responses to UserCheck notifications. The URL is:
://<IP of gateway>/UserCheck/RevokePage
If users regret their responses to a notification and contact their administrator, the administrator can send users the URL.
After a user goes to the URL, all of the user's responses to notifications are revoked. The logs in the R80 SmartConsole Logs & Monitor view Logs tab will show the user's activity, and that the actions were revoked afterwards.
Administrators can use the usrchk
command of the CLI to revoke incidents for one user, all users, or a specified interaction object.