UserCheck in the Access Control Policy

When you enable the UserCheck feature, the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. sends messages to users about possible non-compliant behavior or dangerous Internet browsing, based on the rules an administrator configured in the Security Policy Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection.. This helps users prevent security incidents and learn about the organizational security policy. Create UserCheck objects and use them in the Rule Base All rules configured in a given Security Policy. Synonym: Rulebase., to communicate with the users. You can develop an effective policy based on logged user responses.

These Software Blades support the UserCheck feature:

Configuring UserCheck on the Security Gateway

Enable or disable UserCheck directly on the Security Gateway. If users connect to the Security Gateway remotely, set the internal interface of the Security Gateway (on the Topology page) to be the same as the Main URL for the UserCheck Portal.

To configure UserCheck on a Security Gateway

Step

Instructions

Go to the gateway editor, > UserCheck, and select Enable UserCheck for active blades.

In the UserCheck Web Portal section:

The Main URL field shows the primary URL for the web portal that shows the UserCheck notifications.

You can use the suggested Main URL or manually enter a different Main URL.

Optional:

Click Aliases to add URL aliases that redirect different hostnames to the Main URL. For example: Usercheck.mycompany.com

The aliases must be resolved to the portal IP address on the corporate DNS server.

In the Certificate section, click Import to import a certificate that the portal uses to authenticate to the Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

By default, the portal uses a certificate from the Check Point Internal Certificate Authority (ICA Internal Certificate Authority. A component on Check Point Management Server that issues certificates for authentication.). This might generate warnings if the user browser does not recognize Check Point as a trusted Certificate Authority. To prevent these warnings, import your own certificate from a recognized external authority.

Note - After you download your certificate, you can click Replace to replace it with a different certificate, and click View to see the certificate information.

In the Accessibility section, click Edit to configure interfaces on the Security Gateway through which the portal can be accessed. These options are based on the topology configured for the Security Gateway. The topology must be configured.

If the Main URL is set to an external interface, you must set the Accessibility option to one of these:

Through all interfaces - Necessary in VSX Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. environment
According to the Firewall Policy

UserCheck Client - The UserCheck Client is installed on Endpoint devices to communicate with the Security Gateway and show UserCheck Interaction notifications to users.

Activate UserCheck Client support - This enables UserCheck through the client.

Click Download Client to download the installation file for the UserCheck Client.

Note - The link is not active until the UserCheck Portal is up.

For more information about installation and configuration of the UserCheck Client, see .

In the Mail Server section, configure a mail server for UserCheck. This server sends notifications to users that the Security Gateway cannot notify using other means, if the server knows the email address of the user. For example, if a user sends an email which matched on a rule, the Security Gateway cannot redirect the user to the UserCheck Portal because the traffic is not HTTP.

Click OK.

If there is encrypted traffic through an internal interface, add a new rule to the Firewall Layer of the Access Control Policy.

This is a sample rule

Source	Destination	VPN	Services & Applications	Action
Any	Security Gateway on which UserCheck Client is enabled	Any	UserCheck	Accept

Install the Access Control Policy.

Creating UserCheck Interaction Objects

UserCheck Interaction objects add flexibility and give the Security Gateway a mechanism to communicate with users.

UserCheck Interaction objects:

Help users with decisions that can be dangerous to the organization security.
Share the organization's changing internet policy for web applications and sites with users, in real-time.

When UserCheck is enabled, the user's Internet browser shows the UserCheck Interaction messages in a new window.

The UserCheck page contains default UserCheck Interaction messages. You can edit, and preview UserCheck Interaction objects and their messages.

To see the default UserCheck Interaction objects:

In SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., go to Security Policies > Access Control > Access Tools > UserCheck.

You can create additional UserCheck Interaction objects based on your needs.

To create a UserCheck Interaction object:

Step

Instructions

In the UserCheck page, click New, and then select the object type:

Ask
Shows a message to users that asks them if they want to continue with the request or not. To continue with the request, the user is expected to supply a reason.
Inform
Shows an informative message to users. Users can continue to the application or cancel the request.
Block
Shows a message to users and blocks the application request.

The window opens for the new UserCheck object.

Enter Object Name.

From the menu-bar in the UserCheck object window, click the applicable option:

Source - Enter HTML code
Design - Enter text with formatting buttons and options

Optional: Click Language and select one or more languages for the message.

The default language for messages is English.

Enter the text for the title, subtitle, and body of the message.
In Source mode, in the body of the message, click these options for additional functionality.

Insert Field - Dynamic text such as: Original URL, Source IP address, and so on. When the Ask User, Inform User, or Block action occurs, the UserCheck Portal and UserCheck Client replaces these variables with applicable values in the message.

Notes - To resolve the Username variable, you must enable the Identity AwarenessSoftware Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. and configure the required settings. See the R81.20 Identity Awareness Administration Guide.

Insert User Input - To insert special fields for user input, such as: Confirm check box, Report Wrong Category and so on, from the top toolbar, click Insert User Input and click the applicable option.

You can also click Settings from the navigation tree to configure one or more of these options.

Click OK.

Install the Threat Prevention policy.