This is a live document that is updated on regular basis without special notice. It does not replace any official documentation released by Check Point.
Table of Contents:
Operating System Installation and Server Setup
Client Deployment and Upgrade
Capsule Docs
Troubleshooting
Upgrade
Legacy Upgrade
High Availability
Policy Server
3rd Party Deployment
Full Disk Encryption
Media Encryption
Endpoint for Mac
Operating System Installation and Server Setup
Estimated time to complete: 12 Minutes
Step 1 - Installing Gaia
Install Gaia Operating System prior Security Management server and Endpoint Security Server.
Note: Each customer needs a different machine capabilities; follow the Sizing Guide attached, so it will fit your needs
Estimated time to complete: 7 Minutes
Step 2 - First Time Wizard
First Time Wizard configures the OS settings through the Web browser.
Once done, it allows you to download SmartConsoles to configure the Endpoint Server and perform other configurations.
Note: Proceed anyway if prompted with a certificate error in the browser.
Estimated time to complete: 7 Minutes
Step 3 - Download and Install SmartConsole
Install various Smart Consoles which allows to manage, control and view logs centrally. Through the Smart Endpoint you will manage your Endpoint Server
Estimated time to complete: 7 Minutes
Step 4 - Activate and launch Endpoint Console
Through the SmartDashboard you will activate the Endpoint Server, get 15 days trial license that will allow you to impress from the Endpoint solution
How to create Deployment Rule for group of machines - 3:03
How to download and install Endpoint Security Initial package client - 3:56
How to configure, export and manually deploy an EPS.msi package with Endpoint Security Blades – 5:57
Adding and removing blades for a group of machines using Deployment Rules – 8:06
Upgrading Endpoint Security client with Deployment rules - 10:03
Capsule Docs
Estimated time to complete: 2 Minutes
Protecting a document for external user using Capsule Docs
This video demonstrates a creation of a protected document for external user using Capsule Docs
Estimated time to complete: 3 Minute
Accessing a protected document by external user
This video demonstrates how the external user ccesses a Capsule Docs protected document
Troubleshooting
Estimated time to complete: 3 Minutes
Collect CPinfo from Windows client
The main debug tool for the client is CPinfo. It collects information about the Endpoint Client components and assisting with resolving issues
Estimated time to complete: 1 Minute
Collect CPinfo from the Mac client
The main debug tool for MAC client is CPinfo. It collects information about the Endpoint Client components and assisting with resolving issues. Same tool as the Windows CPinfo
Estimated time to complete: 2 Minutes
DMU - Step 1 Creating a bootable ISO file
Creating a bootable media ISO with DMU and burn it on a CD
As a first step of the upgrade from R77 to R77.10 is DataBase backup by migrating it from the existing Endpoint Security Server.
Note: Maintenance window might be required to stop the Check Point services
Estimated time to complete: 4 Minutes
Step 2 - Moving DB to a backup location
Place the Endpoint Server DataBase in a secured location in case revert backup is needed
Estimated time to complete: 25 Minutes
Step 3 - Upgrade Endpoint Server
The actual upgrade procedure to R77.10 from R77
Estimated time to complete: 1 Minute
Step 4 - Opening R77 10 console after upgrade
After the upgrade we will need to connect the new Endpoint Server with a new SmartEndpoint Console and activate the change to the Endpoint part as well
Estimated time to complete: 20 Minutes
Upgrade Endpoint Client
This video demonstrates the upgrade process from E80.50 to E80.51 through the Smart Endpoint
Legacy Upgrade
Estimated time to complete: 5 Minutes
Step 1 Upload Endpoint Client Packages
Once the new Endpoint server is up and running, upload the new client packages to the server
Estimated time to complete: Depending on AD size
Step 2 Scanning the Active Directory
Scanning the Active Directory will allow deploying packages and policies based on the machines and users in it
Estimated time to complete: 2 Minutes
Estimated time to complete: 1 Minute
Step 3a Add FDE Legacy Group
Allowing FDE legacy upgrade without using the Update Validation Password
Step 3b Add FDE Legacy Group
Verify that the ALLOW UPGRADE Group was added to the FDE clients
Estimated time to complete: 3 Minutes
Estimated time to complete: 2 Minutes
Estimated time to complete: 2 Minutes
Estimated time to complete: 1 Minute
Step 4a Media Encryption Keys and Devices Migration
Adding registry keys on the SQL Server to accept requests over TCP connections
Step 4b Media Encryption Keys and Devices Migration
Create a login profile to allow access to the legacy Media Encryption DataBase
Step 4c Media Encryption Keys and Devices Migration
Migrating the devices and the encryption keys from the Legacy Media Encryption Server to the new Server
Step 4d Media Encryption Keys and Devices Migration
Allowing automatic access to an encrypted media by adding the Media Encryption Legacy Site ID to the new Endpoint Server
Estimated time to complete: 10 Minutes
Step 5 Export pre-upgrade Package
Create and export a pre-upgrade client package
Estimated time to complete: 20 Minutes
Step 6 Upgrading the Endpoint Security Legacy client
Perform the actual upgrade from the Legacy Endpoint client using the pre-upgrade package
Estimated time to complete: 1 Minute
Step 7 Automatic access to a legacy encrypted media
External media that was encrypted using the Legacy Endpoint client will be allowed to access the new client automatically
High Availability
Estimated time to complete: 6 Minutes
Step 1 - Secondary Server Setup
First Time Wizard - Secondary Server.
Note: Before performing this step you need to install the OS. Refer to video "Step 1 - Installing Gaia"
Estimated time to complete: 4 Minutes
Step 2 - Secondary Server object creation
Before building the High Availability setup we need to create the Secondary Server object on the Primary Server, establish SIC between them and install the DataBase
Estimated time to complete: 8 Minutes
Step 3 - Switch from Active to Standby Server
Fail-over to the Standby server and show how the client is now communicating with the Secondary Server instead of the Primary.
Note: Use the attached PDF to understand more about PAT and it's importance
Policy Server
Estimated time to complete: 10 Minutes
Policy Server - First Time Wizard
Policy Server role is to reduce load from the main server and keeps the clients connected when there is no connection to the Primary Endpoint Server. SmartEndpoint and SmartDashboard cannot connect to a Policy Server as it does not have a Database
You need to install the Operating System before performing this step.
Estimated time to complete: 7 Minutes
Policy Server - Activating Policy Server
Create the policy Server object and activate it, so it will communicate with the Endpoint Server (SIC) and with the Endpoint Clients
Estimated time to complete: 5 Minutes
Policy Server - Switching from Primary to Policy Server
If the Endpoint Client decides (proximity) to communicate with the Policy Server or if it cannot reach the Primary Endpoint Server. The Endpoint Client remains connected
3rd Party Deployment
Estimated time to complete: 3 Minutes
Step 1 - Creating an Endpoint Package with SCCM
This video demonstrates the creation of Package that was built from the MSI file that was exported from the Endpoint Security Server
Estimated time to complete: 3 Minutes
Step 2 - Creating an Endpoint Program with SCCM
This video demonstrates how to set permissions to run the client, the installation order, command line, interaction with the program and more.
Note: Administrator can use other MSI syntax according to the company needs. Syntax: # MsiExec /i EPS.msi /qn /l*v install.log REBOOT=ReallySuppress
Estimated time to complete: 3 Minutes
Step 3 - Creating a Distribution point for Endpoint Client
Add the package to SCCM Distribution Point, choose which machines will be deployed with the client and schedule the task, actions when installation fails and more
Estimated time to complete: 25 Minutes
Step 4 - Installing Endpoint Client using SCCM
Silent installation of Endpoint client (with some tips to speed the client installation) using SCCM
Full Disk Encryption Blade
Estimated time to complete: 7 Minutes
Estimated time to complete: 3 Minutes
Two Factor Authentication - Step 1 - Preparation
Before authenticating with an eToken or Smart Card to Preboot, you need to prepare a certificate for your Active Directory user and install the relevant middleware
Two Factor Authentication - Step 2 - Authenticate to Preboot
This video demonstrates the steps to configure eToken to authenticate to Preboot and then to Windows
Estimated time to complete: 2 Minutes
Remote Help - Password Change
Configure policy to enable Remote Help for FDE users and demonstrate the process of changing a password with Remote Help challenge / response process
Estimated time to complete: 2 Minutes
Preboot Bypass - WIL
Enabling Preboot Bypass which will allow the client to authenticate only through Windows without Preboot - Less secured! We will mention how to increase security of this feature in the video
Estimated time to complete: 2 Minutes
Temporarily Disabling Preboot - WOL
Temporarily Disabling Preboot allows the administrator disable Preboot protection temporarily, for example, for maintenance. It was previously called Wake on LAN (WOL)
Estimated time to complete: 3 Minutes
Customizing Preboot and OneCheck Background image
Change Preboot and OneCheck Login Screen based on your own logo
Media Encryption
Estimated time to complete: 3 Minutes
Read & Write to a USB
This video demonstrates the basic configuration of reading (Read & Copy) and writing to a USB while presenting the Business data partition and actions made to files on the USB itself
Estimated time to complete: 2 Minutes
Media Encryption offline access
Endpoint Media Encryption allows access to encrypted media on machines without Endpoint client installed or when the Endpoint Server is unreachable
Endpoint Security for Mac client
Estimated time to complete: 1 Minute
Installing Endpoint for MAC client - Step 1 - Upload package
This video demonstrates the Endpoint for MAC client upload to the Endpoint Server through SmartEndpoint.
Note: Download the Endpoint for MAC client from the User Center beofre performing this step
Estimated time to complete: 1 Minute
Installing Endpoint for MAC client - Step 2 - Download package from SmartEndpoint
Download Endpoint for MAC installation package from the Endpoint Server before installing it on the client machine
Estimated time to complete: 15 Minutes
Installing Endpoint for MAC client - Step 3 - Installation on the client machine
The actual installation on the MAC client machine
Give us Feedback
Thanks for your feedback!
Are you sure you want to rate this stars?
