cpca_client set_mgmt_tool

Syntax

cpca_client [-d] set_mgmt_tool {on | off | add | remove | clean | print} [-p <CA port number>] {[-a <Administrator DN>] | [-u <User DN>] | [-c <Custom User DN>]}

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

on

Starts the ICA Management Tool.

off

Stops the ICA Management Tool.

add

Adds the specified administrator, user, or custom user that is permitted to use the ICA Management Tool.

remove

Removes the specified administrator, user, or custom user that is permitted to use the ICA Management Tool.

clean

Removes all administrators, users, or custom users that are permitted to use the ICA Management Tool.

print

Shows the configured administrators, users, or custom users that are permitted to use the ICA Management Tool.

-p <CA port number>

Optional. Specifies the TCP port on the Security Management Server or Domain Management Server, which is used to connect to the Certificate Authority.

The default TCP port number is 18265.

-a <Administrator DN>

Optional. Specifies the DN of the administrator that is permitted to use the ICA Management Tool.

Must specify the full DN as it appears in SmartConsole.

Example:

-a "CN=ICA_Tool_Admin,OU=users,O=MGMT.s6t98x"

-u <User DN>

Optional. Specifies the DN of the user that is permitted to use the ICA Management Tool.

Must specify the full DN as it appears in SmartConsole.

Example:

-u "CN=ICA_Tool_User,OU=users,O=MGMT.s6t98x"

-c <Custom User DN>

Optional. Specifies the DN for the custom user that is permitted to use the ICA Management Tool.

Must specify the full DN as it appears in SmartConsole.

Example:

-c "CN=ICA_Tool_User,OU=users,O=MGMT.s6t98x"

Note - If you run the "cpca_client set_mgmt_tool" command without the parameter "-a" or "-u", the list of the permitted administrators and users is not changed. The previously defined permitted administrators and users can start and stop the ICA Management Tool.

To connect to the ICA Management Tool

  1. In SmartConsole, configure the required administrator and user objects.

    You must create a certificate for these administrators and users.

    You use this certificate to configure the permitted users in the ICA Management Tool and in the client web browsers.

  2. In the command line on the Management Server, add the required administrators and users that are permitted to use the ICA Management Tool.

    cpca_client set_mgmt_tool add ...

  3. In the command line on the Management Server, start the ICA Management Tool.

    cpca_client set_mgmt_tool on

  4. Check the status of the ICA Management Tool:

    cpca_client set_mgmt_tool print

  5. Import the administrator's / user's certificate into the Windows Certificate Store:

    1. Right-click the *.p12 file you saved when you created the required administrator / user, and click Install PFX.

      The Certificate Import Wizard opens.

    2. In the Store Location section, select the applicable option:

      • Current User (this is the default)

      • Local Machine

    3. Click Next.

    4. Enter the same certificate password you used when you created the required administrator / user certificate.

    5. Clear Enable strong private key protection.

    6. Select Mark this key as exportable.

    7. Click Next.

    8. Select Place all certificates in the following store > click Browse > select Personal > click OK.

    9. Click Next.

    10. Click Finish.

  6. In a web browser, connect to the ICA Management Tool:

    https://<IP Address of the Management Server>:18265

    Important - The fact that the TCP port 18265 is open is not a vulnerability. The ICA Management Tool Portal is secured and protected by SSL. In addition, only authorized administrators and users are allowed to access it using a certificate.

  7. A dialog box with this message appears:

    Client Authentication

    Identification

    The Web site you want to view requests identification.

    Select the certificate to use when connecting.

  8. Select the appropriate certificate for authenticating to the ICA Management Tool.

  9. Click OK.

  10. In the Security Alert dialog box, click Yes.
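
The command sequence from steps 2 to 4 of the procedure above, as an added shell example that is not part of the original page and is not Check Point code. The function names (role_flag, is_full_dn, ica_tool_plan) are hypothetical, the DN shape check is an assumption modelled on the page's sample DNs, and the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example, not Check Point code. Function names are hypothetical.
# Prints the commands for steps 2-4 for review; nothing is executed.

# Map a role to the flag listed in the Syntax section.
role_flag() {
    case "$1" in
        admin)  printf '%s' '-a' ;;
        user)   printf '%s' '-u' ;;
        custom) printf '%s' '-c' ;;
        *)      return 1 ;;
    esac
}

# Assumption: a full DN looks like the page's samples (CN=...,OU=...,O=...).
# Quote and expansion characters are refused because the DN is printed
# inside double quotes for copy and paste.
is_full_dn() {
    case "$1" in
        *'"'*|*'$'*|*'`'*) return 1 ;;
        CN=?*,OU=?*,O=?*)  return 0 ;;
        *)                 return 1 ;;
    esac
}

# Usage: ica_tool_plan {admin|user|custom} <full DN> [CA port]
ica_tool_plan() {
    role=$1; dn=$2; port=$3
    flag=$(role_flag "$role") || { echo "unknown role: $role" >&2; return 2; }
    is_full_dn "$dn" || { echo "not a full DN: $dn" >&2; return 3; }
    case "$port" in *[!0-9]*) echo "bad port: $port" >&2; return 4 ;; esac
    p=${port:+ -p $port}   # empty when no port is given (default is 18265)
    printf 'cpca_client set_mgmt_tool add%s %s "%s"\n' "$p" "$flag" "$dn"
    printf 'cpca_client set_mgmt_tool on%s\n' "$p"
    printf 'cpca_client set_mgmt_tool print%s\n' "$p"
}

# Constructed sample input: the administrator DN from the page's example.
ica_tool_plan admin "CN=ICA_Tool_Admin,OU=users,O=MGMT.s6t98x"
```

A CN-only value such as ICA_Tool_User is rejected before any command is printed, which catches the most common mistake with the "full DN" requirement.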