Configuring Administrators

To configure an administrator:

  1. Connect to the Multi-Domain ServerClosed Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. with SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., and go to Permissions & Administrators > Administrators.

  2. Click New, or select an existing administrator and then click Edit.

  3. In the Administrator view, configure the settings described in the next sections.

Administrator - General

  • Name - Enter a unique administrator name.

  • Authentication Method - Select an authentication method and enter other authentication parameters as necessary. To learn more about the various authentication methods, see the R81 Security Management Administration Guide.

    To set a default value for this parameter, go to Permissions & Administrators > Advanced > Administrator Settings > Authentication Default Values. Select a default authentication from the list.

  • Certificate Information - Optional: Click Create to generate a new certificate.

    • You can use a certificate with or without an authentication method.

    • For an existing administrator definition, you can revoke an existing certificate and create a new one.

  • Multi-Domain Permission Profile - Select a Multi-Domain permission profile from the list.

    Accept the default permission profile or select a different one. You can also create a new permission profile to assign. For an existing administrator, the currently selected permission profile shows.

    Click the View icon to see details of the currently assigned permission profile.

    If the Edit icon shows, you have permissions to see and change the currently selected permission profile. Click the Edit icon to change the settings.

    Permission Profiles per Domain -Select one or more Domains, and then select a Domain permission profile for each one.

    + - Click to select a Domain to add to the profile.

    X - Click to remove the selected Domain from the profile.

    Note - The Permission Profiles per Domain Section does not show for Superusers, because Read/Write Domain permission profiles are assigned automatically to all Domains.

  • Expiration -Define when this administrator account expires.

    • Never - The administrator account does not expire.

    • Expire at - Select an expiration date for this administrator.

    To set a default value for this parameter, go to Permissions & Administrators > Advanced > Administrator Settings > Default Expiration Values.

Contact Options

  • Email - Enter the administrator email address.

  • Contact Details - Enter additional contact information.

  • Phone - Enter the administrator telephone number.

Note - If you upgraded from an earlier release, the system copies these values into the new release.