UserCheck Interaction Objects

This section describes how to configure UserCheck Interaction Objects.

UserCheck Interaction Objects add flexibility and give the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. a mechanism to communicate with users.

You use the UserCheck Interaction Objects in the "Action" column of the Data Loss Prevention Check Point Software Blade on a Security Gateway that detects and prevents the unauthorized transmission of confidential information outside the organization. Acronym: DLP. Policy to:

Help users with decisions that can be dangerous to the organization security.
Share the organization changing internet policy for web applications and sites with users, in real-time.

Note - You can only edit UserCheck Interaction objects in SmartDashboard Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings.. You cannot create or edit them in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

Default UserCheck Interaction Objects

Default Objects

In SmartConsole, open SmartDashboard and go to the Data Loss Prevention tab in one of these ways:
In "Manage & Settings" view
1. From the left navigation panel, click Manage & Settings.
2. In the top left pane, click Blades.
3. In the Data Loss Prevention section, click Configure in SmartDashboard.
In the "Security Policies" view
1. From the left navigation panel, click Security Policies.
2. In the Shared Policies section, click DLP.
3. In the middle of the screen, click Open DLP Policy in SmartDashboard.
From the navigation tree, click UserCheck.

These are the default UserCheck Interaction Objects:

UserCheck Interaction Object	Action Type	Description
Ask User	Ask	Appears when the action for the rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. is Ask. It informs users what the company policy is for that site and they must click OK to continue to the site.
Blocked Message	Block	Appears when a request is blocked.
Cancel Page	Cancel	Appears after a user gets an Inform or Ask message and clicks Cancel.
Inform User	Inform	Appears when the action for the rule is Inform. It informs users what the company policy is for that site.
Success Page	Approve	Appears when the information was sent according to the user's request.
Successfully Discarded	Discard	Appears when the information was successfully discarded according to the user's request.

Notes:

The UserCheck Interaction Objects you create in the future also appear on this page.
The Ask and Inform pages include the Cancel button that users can click to cancel the request.

You can preview each UserCheck Interaction page in these views:

View	Description
Regular view	Shows how the message appears in a web browser on a PC or laptop
Mobile Device	Shows how the message appears in a web browser on a mobile device
Email	Shows how the message appears in an email
Agent	Shows how the UserCheck Client shows this message

The top toolbar provides these actions:

Action	Meaning
New	Creates a new UserCheck object
Edit	Modifies an existing UserCheck object
Delete	Deletes an UserCheck object
Clone	Clones the selected UserCheck object.

Creating New UserCheck Interaction Objects

Procedure

In SmartConsole, open SmartDashboard and go to the Data Loss Prevention tab in one of these ways:
In "Manage & Settings" view
1. From the left navigation panel, click Manage & Settings.
2. In the top left pane, click Blades.
3. In the Data Loss Prevention section, click Configure in SmartDashboard.
In the "Security Policies" view
1. From the left navigation panel, click Security Policies.
2. In the Shared Policies section, click DLP.
3. In the middle of the screen, click Open DLP Policy in SmartDashboard.
Open the required Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.:
1. From the top left corner, click the Menu button > File > Open.
2. Select the applicable policy.
3. Click Open.
Create a new UserCheck Interaction Object in one of these ways:
On the "UserCheck" page
1. From the navigation tree, click UserCheck.
2. From the top toolbar, click New > click the applicable UserCheck Interaction:
  1. New Ask UserCheck
    
    Shows a message to users that asks them if they want to continue with the request or not. To continue with the request, the user is expected to supply a reason.
  2. New Inform UserCheck
    
    Shows an informative message users. Users can continue to the application or cancel the request.
  3. New Prevent UserCheck
    
    Shows a message to users and block the application request.
On the "Policy" page
1. From the navigation tree, click Policy.
2. Locate the applicable rule.
3. In the Action column, right-click > hover over the applicable UserCheck Interaction > click New:
  - Ask User
    
    Shows a message to users that asks them if they want to continue with the request or not. To continue with the request, the user is expected to supply a reason.
  - Inform User
    
    Shows an informative message users. Users can continue to the application or cancel the request.
  - Prevent
    
    Shows a message to users and block the application request.
See the section Configuring UserCheck Interaction Objects.

Configuring UserCheck Interaction Objects

Procedure

Create a new UserCheck Interaction Object, or open an existing UserCheck Interaction Object.

See:
- Default UserCheck Interaction Objects
- Creating New UserCheck Interaction Objects

From the left tree, click the Message page:

Enter a name for this object.
Optional: Enter a comment for this object.

To select a language for the message (English is the default), above the message section, click the Languages button > select the required languages > click OK.

Note - The corresponding tab appears for each language you select.

To insert a variable field into the message, from the top toolbar, click Insert Field and click the applicable variable.

Notes:

When the Ask User, Inform User, or Prevent action occurs, the UserCheck Portal and UserCheck Client replaces these variables with applicable values in the message.
To resolve the Username variable, you must enable the Identity Awareness Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. and configure the required settings. See the R81 Identity Awareness Administration Guide.

To add your logo, in the message body, click the Check Point logo image > click Add > browse to the required image file and select it > click Open.

Notes:

The height of the image must be 176 pixels or less.
The width of the image must be 52 pixels or less.

To insert special fields for user input, from the top toolbar, click Insert User Input and click the applicable option.

Important:

To change the view to raw HTML code, right-click anywhere inside the message and click Switch to Text Mode.

To go back, right-click anywhere inside the message and click Switch to HTML Mode.
To preview the current message, in the bottom right corner, click Preview in browser.

From the left tree, click the Languages page:

If on the Message page you selected several languages, then on this page you can select a default language for the UserCheck message.

This control message language if the language setting in the user's web browser cannot be determined.

From the left tree, click the Fallback Action page:

Select an alternative action (Allow or Block) for cases when it is not possible to show the UserCheck notification in the web browser or application that caused the notification.

Fallback Action	Action	Behavior
Allow	Inform User	Allow the user to access the website or application. The UserCheck Client (if installed) shows the notification.
Block	Ask User	The Security Gateway tries to show the notification in the application that caused the notification. If it cannot, and the UserCheck Client is installed, the UserCheck Client shows the notification. Blocks the website or application, even if the user does not see the notification.

Fallback Action

Action

Behavior

Allow

Inform User

Allow the user to access the website or application.

The UserCheck Client (if installed) shows the notification.

Block

Ask User

The Security Gateway tries to show the notification in the application that caused the notification.

If it cannot, and the UserCheck Client is installed, the UserCheck Client shows the notification.

Blocks the website or application, even if the user does not see the notification.

From the left tree, click the Conditions page:

Select actions that must occur before users can access the application.

Condition	Behavior
User accepted and selected the confirm checkbox	This applies if on the Message page from the Insert User Input menu you inserted the element Confirm Checkbox. In the message, users must select the checkbox before they can access the application.
User filled some textual input	This applies if on the Message page from the Insert User Input menu you inserted the element Textual Input. Users must enter text in the text field before they can access the application. For example, you might require that users to enter an explanation for use of the application.

Condition

Behavior

User accepted and selected the confirm checkbox

This applies if on the Message page from the Insert User Input menu you inserted the element Confirm Checkbox.

In the message, users must select the checkbox before they can access the application.

User filled some textual input

This applies if on the Message page from the Insert User Input menu you inserted the element Textual Input.

Users must enter text in the text field before they can access the application.

For example, you might require that users to enter an explanation for use of the application.

Click OK.
Preview your UserCheck Interaction in the right pane in each available view.
From the top SmartDashboard toolbar (Menu button > File menu), click Update.
Close SmartDashboard.
In SmartConsole, install the Access Control Policy.