UDM is a web based application that manages a range of user and device related tasks in an organization. A typical user accesses organizational resources from multiple devices: computers, laptops, smartphones, and tablets. UDM provides a unified environment for managing various user and device related tasks, such as provisioning, transparency of access via SmartLog logs, viewing user and device details, certificate management, AD user management, and FDE password recovery (for Endpoint Security clients).
With UDM, security administrators can delegate user and device management tasks to Help Desk administrators. This delegation of responsibilities lets the network security team handle security policy issues and the Help Desk team manage some user access tasks.
UDM includes:
Remote Access certificate management
Manage, create, and revoke user certificates for remote access.
Use email templates to send information to users on how to connect remotely from their devices.
Integration with Active Directory
See all users in the organization and the devices they are using to connect to organizational resources.
Change the status of Active Directory users when necessary (expired, disabled, or locked).
Manage Active Directory user groups.
Integration with SmartLog
See user login and activity logs.
Search and filter logs for a specified user.
See if a device is connected or disconnected.
Integration with Endpoint Security Server
See activity of users and devices.
Use Full Disk Encryption password recovery.
Active Directory integration.
Integration with Capsule Cloud
See logs of Capsule Cloud users.
Send new registration codes to users.
Full Disk Encryption
TPM support for version 1.2 and 2.0.
Support for Active Directory groups in Pre-boot.
Mobile Access Blade
Simple and comprehensive mobile/remote access solution that delivers exceptional operational efficiency.
Allows mobile and remote workers to connect easily and securely from any location, with any Internet device to critical resources while protecting networks and endpoint computers from threats.
Data transmitted by remote access is decrypted and then filtered and inspected in real time by Check Point’s award-winning gateway security services such as Anti-Virus, Intrusion Prevention and Web Security.
Includes in-depth authentications, and the ability to check the security posture of the remote device. This further strengthens the security for remote access.
The Mobile Access Blade is available in its latest versions in R77.20 (sk101208).
Endpoint Security Client for Mac
This release adds these new features:
Support for the Endpoint Security client on Mac OS X 10.10 Yosemite.
Support for the Media Encryption Offline Access utility on Mac OS X 10.10 Yosemite.
Features:
From E80.60: New Capsule Docs Software Blade (alpha) for Mac
Compatibility with both Check Point On-Premises deployment and Cloud Deployment
Enhanced rendering capabilities
Support unprotecting a document based on user permissions
From R77.20 (and higher): Full Disk Encryption Software Blade new features
Dynamic Tokens
Remote Help Response Length
Full Disk Encryption support for In-place major OS upgrade (until September, 2015, this is available only as EA, see sk106668.)
Remote Access VPN
Remote Access Clients for Windows
Improved stability, and bug fixes.
Configure password complexity requirements in the VPN Configuration Utility.
Note: The packages provided below are Legacy CLI packages (not CPUSE packages).
Endpoint Security Server Downloads
Platform
Package
Link
Gaia
R77.20.01 Check Point Endpoint Security Server HF for Gaia OS (TGZ)
(TGZ)
Windows
R77.20.01 Check Point Endpoint Security Server HF for Windows OS (TGZ)
(TGZ)
Installation
The R77.20.01 Endpoint Security Server is based on the R77.20 Management Server and must be installed on the R77.20 Management Server. It has all the supported capabilities of a standard Check Point R77.20 Management Server.
For installation and upgrade instructions, use the procedures in the relevant guide:
For upgrades to R77.20.01, only Advanced Upgrade procedures are supported.
The R77.20.01 Endpoint Security Management Server can be activated only on a management-only machine. (Not on a standalone machine, i.e. Gateway + Management)
The R77.20.01 Endpoint Security Server can manage E80.40 and higher Endpoint Security clients.
R77.20.01 Management Server Migration Tools
Platform
Package
Link
Gaia, SecurePlatform
R77.20.01 Management Server Migration Tools for Gaia/SecurePlatform (TGZ)
(TGZ)
Windows
R77.20.01 Management Server Migration Tools for Windows (TGZ)
The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.
Package
Link
R77.20.01 SmartConsole for Endpoint Security Server
(EXE)
Endpoint Security E80.61 Clients
Endpoint Security Client E80.61 Downloads
Platform
Package
Link
Windows
E80.61 Endpoint Security Clients for Windows
Mac
E80.61 Endpoint Security Client and Capsule Docs for Mac (used with R77.20.01 Endpoint Security Server)
(ZIP)
Mac
E80.61 Endpoint Security Client for Mac (without Capsule Docs) (used with R77.20/R77.30 Endpoint Security Server)
(ZIP)
Note: On October 22, 2015, both E80.61 Endpoint Security Client on Mac downloads were replaced.
Media Encryption Offline Access Tool E80.61 for Mac
The Media Encryption Offline Access utility lets you:
Read information on devices encrypted with Media Encryption for Windows.
Write to removable media devices (this depends on the type of removable media device and on the security policy used when encrypting the device). Information you add to the device will also be encrypted.
Note: The utility does not encrypt previously unencrypted removable devices with the Media Encryption for Mac component.
Platform
Package
Link
Mac
E80.61 Media Encryption Offline Access Tool for Mac
R77.20.01 Check Point Endpoint Security Server HF for Gaia OS (TGZ)
(TGZ)
Windows
R77.20.01 Check Point Endpoint Security Server HF for Windows OS (TGZ)
(TGZ)
Installation
The R77.20.01 Endpoint Security Server is based on the R77.20 Management Server and must be installed on the R77.20 Management Server. It has all the supported capabilities of a standard Check Point R77.20 Management Server.
For installation and upgrade instructions, use the procedures in the relevant guide:
For upgrades to R77.20.01, only Advanced Upgrade procedures are supported.
The R77.20.01 Endpoint Security Management Server can be activated only on a management-only machine (Standalone machine is not supported, i.e., Gateway + Management).
The R77.20.01 Endpoint Security Server can manage E80.40 and higher Endpoint Security clients.
