Managing Users

All users are configured directly in SmartConsole (in contrast to users configured on external servers, such as Active Directory), and are stored on the Management Server in the management database.

When an administrator installs a policy, the Management Server copies the applicable user data to the managed Security Gateway.

When an administrator installs a database (Menu > Install Database), the Management Server copies the applicable user data to the managed servers (for example, Log Server).

Creating a New User Template

A user template defines a profile of settings. Every new user for which you select this user template automatically gets these settings. You can override these template settings in each user object.

  1. In the top right corner, click the Objects panel.

  2. Click New > More > User/Identity > User Template.

    The New User Template window opens.

  3. In the top field, enter the applicable object name.

  4. Optional: Enter the comment.

  5. On the General page, configure the expiration for this object:

    • According to Global Properties

    • Expire at

      This is the date, after which the user is no longer authorized to access network resources and applications.

  6. On the Groups page, select the applicable user group objects.

    All new users, for which you select this user template, are automatically added to these user groups.

  7. On the Authentication page, select the authentication method:

    • Undefined

    • Check Point Password

    • OS Password

    • SecurID

    • RADIUS

    • TACACS

  8. On the Location page:

    1. Configure the allowed sources from which this user can access or send data and traffic.

      These objects must already exist before you can select them.

    2. Configure the allowed destinations to which this user can access or send data and traffic.

      These objects must already exist before you can select them.

  9. On the Time page, configure the applicable working days or hours, when the users can be authenticated for access.

  10. On the Encryption page, configure the IKEv2 authentication and encryption settings for Remote Access VPN.

    1. Select IKE.

    2. Click Edit.

      The encryption IKE Phase 2 Properties window opens.

    3. On the Authentication page, select the authentication schemes:

      1. Password - The user authenticates with a pre-shared secret password.

      2. Public Key - The user authenticates with a public key contained in a certificate file.

    4. Click OK.

  11. Click OK.

  12. Publish the SmartConsole session.

Editing an Existing User

  1. In the top right corner, click the Objects panel.

  2. In the list of Object Categories, click Users/Identities.

  3. Click Users.

  4. Double-click the applicable user object.

    The User window opens.

  5. Configure the required settings.

  6. Click OK.

  7. Publish the SmartConsole session.

  8. Install the Access Control Policy.

Deleting a User

  1. In the top right corner, click the Objects panel.

  2. In the list of Object Categories, click Users/Identities.

  3. Click Users.

  4. Right-click the user object and select Delete.

  5. Click Yes to confirm.

  6. Publish the SmartConsole session.

  7. Install the Access Control Policy.

Configuring Default Expiration Settings for Users

If a user account is about to expire, notifications show when you open the properties of the user in SmartConsole.

To configure the default expiration settings:

  1. From the Menu, select Global Properties.

    The Global Properties window opens.

  2. Click User Accounts.

  3. Select Expire at or Expire after.

    • Expire at - Select the expiration date from the calendar control.

    • Expire after - Enter the number of days (counted from the day the account is created) before user accounts expire.

  4. Select Show accounts expiration indication, and enter the number of days.

    Expiration warnings appear in the SmartConsole User object this number of days before an account expires. During this time, if the user account needs to stay active for longer, you can edit the user account expiration configuration. This avoids loss of working time.

  5. Click OK.

  6. Publish the SmartConsole session.
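
The expiration rules described above (a per-object Expire at date, or the Global Properties default of Expire at / Expire after, plus the indication window) can be modeled for an offline account review. This is an added example, not Check Point code: the record layout, field names and sample users are constructed, and treating the warning window as inclusive is an assumption.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class GlobalProps:
    # Models Global Properties > User Accounts (field names are assumptions).
    expire_at: Optional[date] = None          # "Expire at"
    expire_after_days: Optional[int] = None   # "Expire after" (days from creation)
    warn_days: int = 0                        # "Show accounts expiration indication"

@dataclass
class User:
    name: str
    created: date
    expire_at: Optional[date] = None  # None means "According to Global Properties"

def effective_expiry(user, gp):
    """A per-object "Expire at" takes precedence over the global default."""
    if user.expire_at is not None:
        return user.expire_at
    if gp.expire_at is not None:
        return gp.expire_at
    if gp.expire_after_days is not None:
        return user.created + timedelta(days=gp.expire_after_days)
    raise ValueError("Global Properties set neither Expire at nor Expire after")

def status(user, gp, today):
    """Return 'expired', 'warning' or 'ok' for one account."""
    expiry = effective_expiry(user, gp)
    if today > expiry:                        # access ends after the expiration date
        return "expired"
    if (expiry - today).days <= gp.warn_days:  # inclusive window (assumption)
        return "warning"
    return "ok"

def audit(users, gp, today):
    return {u.name: (effective_expiry(u, gp), status(u, gp, today)) for u in users}

# Constructed sample data: global default is "Expire after 90 days", warn 14 days ahead.
GP = GlobalProps(expire_after_days=90, warn_days=14)
USERS = [
    User("alice", date(2024, 1, 10)),                           # global default
    User("bob", date(2024, 3, 1)),                              # global default
    User("contractor1", date(2024, 1, 10), date(2024, 3, 31)),  # own "Expire at"
]

if __name__ == "__main__":
    for name, (expiry, state) in audit(USERS, GP, date(2024, 4, 1)).items():
        print(f"{name:12} expires {expiry}  {state}")
```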