The ICA Management Tool

Overview

The ICA (Internal Certificate Authority) is a component on the Check Point Management Server that issues certificates for authentication. In the ICA Management Tool, an administrator can:

Note - The ICA Management Tool supports TLS.

Check Point ICA is fully compliant with X.509 standards for both certificates and CRLs. See the related X.509 and PKI documentation, and RFC 2459 for more information.

For more information, see sk102837: Best Practices - ICA Management Tool configuration

Connecting to the ICA Management Tool

The ICA Management Tool is disabled by default.

To connect to the ICA Management Tool:

  1. In SmartConsole, configure the required administrator and user objects.

    You must create a certificate for these administrators and users.

    You use this certificate to configure the permitted users in the ICA Management Tool and in the client web browsers.

  2. In the command line on the Management Server (a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server), add the required administrators and users that are permitted to use the ICA Management Tool.

    cpca_client set_mgmt_tool add ...

    See cpca_client set_mgmt_tool.

  3. In the command line on the Management Server, start the ICA Management Tool.

    cpca_client set_mgmt_tool on

    See cpca_client set_mgmt_tool.

  4. Check the status of the ICA Management Tool:

    cpca_client set_mgmt_tool print

    See cpca_client set_mgmt_tool.

  5. Import the administrator's / user's certificate into the Windows Certificate Store:

    1. Right-click the *.p12 file you saved when you created the required administrator / user, and click Install PFX.

      The Certificate Import Wizard opens.

    2. In the Store Location section, select the applicable option:

      • Current User (this is the default)

      • Local Machine

    3. Click Next.

    4. Enter the same certificate password you used when you created the required administrator / user certificate.

    5. Clear Enable strong private key protection.

    6. Select Mark this key as exportable.

    7. Click Next.

    8. Select Place all certificates in the following store > click Browse > select Personal > click OK.

    9. Click Next.

    10. Click Finish.

  6. In a web browser, connect to the ICA Management Tool:

    https://<IP Address of the Management Server>:18265

    Important - The fact that the TCP port 18265 is open is not a vulnerability. The ICA Management Tool Portal is secured and protected by SSL. In addition, only authorized administrators and users are allowed to access it using a certificate.

  7. A dialog box with this message appears:

    Client Authentication

    Identification

    The Web site you want to view requests identification.

    Select the certificate to use when connecting.

  8. Select the appropriate certificate for authenticating to the ICA Management Tool.

  9. Click OK.

  10. In the Security Alert dialog box, click Yes.
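
Step 5 can also be done from PowerShell on the Windows client. The script below is an added example, not part of the Check Point documentation: it imports the *.p12 file with the same choices as the wizard (Current User, Personal store, exportable key) and then checks what was imported. The file path is a hypothetical placeholder.

```powershell
# Added example (not Check Point code). The path is a hypothetical placeholder.
$P12Path = 'C:\Temp\ica_admin.p12'   # the *.p12 file saved when the administrator / user was created

# Step 5.4: the password chosen when the certificate was created.
$Password = Read-Host -Prompt 'Certificate password' -AsSecureString

# Steps 5.2, 5.6 and 5.8: Current User store location, Personal ("My") store,
# private key marked as exportable.
$Imported = Import-PfxCertificate -FilePath $P12Path `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Password $Password -Exportable

# A *.p12 file can carry CA certificates as well. Keep only the entries that
# have a private key, because only those can be used for client authentication
# in the browser dialog (steps 7 and 8).
$Client = @($Imported | Where-Object { $_.HasPrivateKey })
if ($Client.Count -eq 0) {
    throw "No certificate with a private key was imported from $P12Path"
}

foreach ($Cert in $Client) {
    # An expired certificate is imported without error but cannot be used to log in.
    if ($Cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate $($Cert.Thumbprint) expired on $($Cert.NotAfter)"
    }
    # Compare Subject with the administrator / user added in step 2.
    $Cert | Select-Object Subject, Issuer, NotAfter, Thumbprint | Format-List
}
```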

The ICA Management Tool Portal

Item  Pane        Description
1     Menu        Shows a list of operations.
2     Operations
3     Results     Shows the results of the applied operation. This window consists of a table with a list of certificates and certificate attributes.