Connecting UserCheck Client to the Security Gateway

If UserCheck is enabled on the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., users must enter their username and password after the client installs.

When the UserCheck Client is first installed, the UserCheck Client tray icon indicates that it is not connected.

When the UserCheck Client connects to the Security Gateway, the UserCheck Client tray icon shows that the client is active.

The first time that the UserCheck Client connects to the Security Gateway, it asks user to approve of the Security Gateway fingerprint.

Example:

Best Practices: Let the users know this happens. Use a certificate that is trusted by the certificate authority installed on users' computers. Then users do not see a message "Issued by unknown certificate authority".

Note - If the UserCheck Client is not connected to the Security Gateway, the behavior is as if the client was never installed.

UserCheck and Check Point Password Authentication

To enable Check Point password authentication:

1. SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. Configuration:

   1. From the top, click Objects > Object Explorer.

   2. In the left pane, select only Users/Identities.

   3. Configure the required settings:

      If the required User object already exists

      1. Double-click the applicable User object.

      2. From the left, click General.

      3. In the General properties section, make sure to configure a valid email address.

      4. Click OK.

      If the required User object does not exist yet

      1. Make sure the applicable User Template object exists.

         If it does not, from the top toolbar, click New > Users/Identity > User Template > configure the required settings > click OK.

      2. From the top toolbar, click New > Users/Identity > User.

      3. Select the required User Template and click OK.

      4. Configure the required settings:

         • At the top, configure the object name

         • On General page, in the General properties section, make sure to configure a valid email address.

         • On Authentication page, in the Authentication Method section, select Check Point Password > click Set new password > enter the password > click OK.

      5. Click OK.

   4. Close the Object Explorer window.

2. UserCheck Client Configuration:

   1. On the endpoint computer, right-click the UserCheck Client icon in the Notification Area (next to the system clock).

   2. Click Settings.

   3. Click Advanced.

   4. Select Authentication with Check Point user accounts defined internally in SmartConsole.