UserCheck in the Access Control Policy

This section describes how to configure and use UserCheck.

When you enable the UserCheck feature, the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. sends messages to users about possible non-compliant behavior or dangerous Internet browsing, based on the rules an administrator configured in the Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.. This helps users prevent security incidents and learn about the organizational security policy. You can develop an effective policy based on logged user responses. Create UserCheck objects and use them in the Rule Base All rules configured in a given Security Policy. Synonym: Rulebase., to communicate with the users.

These Software Blades support the UserCheck feature:

• Data Loss Prevention Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP.

• Access Control:

  • Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI.

  • URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.

  • Content Awareness Check Point Software Blade on a Security Gateway that provides data visibility and enforcement. Acronym: CTNT.

• Threat Prevention:

  • Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT.

  • Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV.

  • Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE.

  • Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.

  • Zero Phishing Check Point Software Blade on a Security Gateway (R81.20 and higher) that provides real-time phishing prevention based on URLs. Acronym: ZPH.

Getting Started with UserCheck for the Application Control, URL Filtering, and Content Awareness Software Blades:

1. In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., in the Security Gateway / Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. object:

   1. Enable the applicable Access Control Software Blades.

   2. Configure the applicable UserCheck settings.

      See Configuring UserCheck.

   3. Optional: Download the UserCheck Client and install it on endpoint computers.

      See the R81.20 Quantum Security Gateway Guide > Chapter "UserCheck Client".

2. Optional: In the Global Properties, configure the applicable UserCheck settings.

3. Configure the applicable UserCheck Interaction Objects.

   See UserCheck Interaction Objects for Access Control Software Blades.

4. Configure the applicable Access Control Policy.

   See Creating an Access Control Policy:

   In Access Control rules, click in the Action column > click the applicable menu Drop, Ask, or Inform > select the required UserCheck Interaction object.

5. Install the Access Control Policy on the Security Gateway / Cluster object.

6. Additional Configuration:

   • Localizing and Customizing the UserCheck Portal