General Portal Settings

Background

The Security Gateway runs different web-based portals over HTTPS:

All of these portals can resolve HTTPS hosts to IPv4 and IPv6 addresses over port 443.

In addition to SSLv3 and TLS 1.0 (RFC 2246), the Security Gateway supports:

Support for TLS 1.1 and TLS 1.2 is enabled by default. You can disable them in SmartDashboard (for web-based portals) or with Database Tool (GuiDBEdit Tool) (for HTTPS Inspection).

To configure TLS protocol support for portals:

  1. In SmartDashboard, open Global Properties > SmartDashboard Customization.

  2. In the Advanced Configuration section, click Configure.

    The Advanced Configuration window opens.

  3. On the Portal Properties page, set minimum and maximum versions for SSL and TLS protocols.

To configure TLS protocol support for HTTPS Inspection:

  1. In Database Tool (GuiDBEdit Tool), on the Tables tab, select Other > ssl_inspection.

  2. In the Objects column, select general_confs_obj.

  3. In the Fields column, select the minimum and maximum TLS version values in these fields:

    • ssl_max_ver (default = TLS 1.2)

    • ssl_min_ver (default = SSLv3)
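One way to check a configured minimum/maximum pair and compare it with what a portal actually negotiates on port 443 is shown below. This is an added example, not Check Point code; the function names and outcome labels are assumptions. Python's ssl module normally cannot offer SSLv3, so that version is reported as untestable.

```python
import socket
import ssl

# Protocol order, using the labels the page gives for ssl_min_ver / ssl_max_ver.
ORDER = ["SSLv3", "TLS 1.0", "TLS 1.1", "TLS 1.2"]
# Deprecated by the IETF: SSLv3 (RFC 7568), TLS 1.0 and TLS 1.1 (RFC 8996).
DEPRECATED = {"SSLv3", "TLS 1.0", "TLS 1.1"}
# Versions Python's ssl module can pin; SSLv3 is normally compiled out of OpenSSL.
PINNABLE = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2}

def audit_range(min_ver, max_ver):
    """Return (enabled, deprecated_enabled) for a configured min/max pair."""
    lo, hi = ORDER.index(min_ver), ORDER.index(max_ver)
    if lo > hi:
        raise ValueError(f"minimum {min_ver} is above maximum {max_ver}")
    enabled = ORDER[lo:hi + 1]
    return enabled, [v for v in enabled if v in DEPRECATED]

def probe(host, version, port=443, timeout=5.0):
    """One handshake pinned to `version`: 'accepted', 'rejected' or 'untestable'."""
    if version not in PINNABLE:
        return "untestable"              # local OpenSSL cannot offer it (e.g. SSLv3)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # only the protocol version is under test, so
    ctx.verify_mode = ssl.CERT_NONE      # an auto-generated certificate is not an error
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # OpenSSL 3 needs level 0 for TLS 1.0/1.1
        ctx.minimum_version = ctx.maximum_version = PINNABLE[version]
    except (ValueError, ssl.SSLError):
        return "untestable"              # this build refuses the version outright
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "accepted"
        except (ssl.SSLError, ConnectionError):
            return "rejected"

def drift(min_ver, max_ver, observed):
    """Compare the configured range with probe results ({version: outcome})."""
    enabled, _ = audit_range(min_ver, max_ver)
    findings = []
    for ver in ORDER:
        want = "accepted" if ver in enabled else "rejected"
        got = observed.get(ver, "untestable")
        if got != "untestable" and got != want:
            findings.append(f"{ver}: configured {want}, gateway {got}")
    return findings
```

Build `observed` with `{v: probe(host, v) for v in ORDER}` against your own gateway after installing policy, then pass it to `drift` with the values you set. An empty result means the portal matches the configured range for every version the client could test.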

Each Mobile Access-enabled Security Gateway leads to its own Mobile Access user portal. Remote users log in to the portal using an authentication scheme configured for that Security Gateway.

From the R81 version, there is a new Mobile Access Portal. See The New Mobile Access Portal.

Portal URL

Remote users access the portal from a Web browser with https://<Gateway_IP>/sslvpn, where <Gateway_IP> is one of these:

  • FQDN that resolves to the IP address of the Security Gateway

  • IP address of the Security Gateway

Remote users that use HTTP are automatically redirected to the portal using HTTPS.

Note - If Hostname Translation is the method for link translation, FQDN is required.

Set up the URL for the first time in the Mobile Access First Time Wizard.

To change the Mobile Access Portal URL:

  1. In SmartConsole, click Gateways & Servers and double-click the Security Gateway.

    The Security Gateway window opens and shows the General Properties page.

  2. From the navigation tree, click Mobile Access > Portal Settings.

  3. Change the Main URL.

  4. Optional: Click the Aliases button to Add URL aliases that are redirected to the main portal URL. For example, portal.example.com can send users to the portal. To make the alias work, it must be resolved to the main URL on your DNS server.

  5. Install policy.

Portal Server Certificate

If you do not import a certificate, the portal uses a Check Point auto-generated certificate. This might cause browser warnings if the browser does not recognize the Security Gateway's management. All portals on the same IP address use the same certificate.

To import a server certificate for the portal:

  1. In SmartConsole, click Gateways & Servers and double-click the Security Gateway.

    The Security Gateway window opens and shows the General Properties page.

  2. From the navigation tree, click Mobile Access > Portal Settings.

  3. Click Import to import a p12 certificate for the portal website to use.

  4. Click OK.

  5. Install policy.

Portal Accessibility Settings

The portal access control settings (Portal Accessibility Settings in the UI) allow you to configure access to the Mobile Access Portal. The options are based on the topology configured for the Security Gateway.

To configure the accessibility settings for the portal:

  1. In SmartConsole, click Gateways & Servers and double-click the Security Gateway.

    The Security Gateway window opens and shows the General Properties page.

  2. From the navigation tree, click Mobile Access > Portal Settings.

  3. In the Accessibility area, click Edit.

  4. Install policy.