User and Device Management R77.30.01 (Hotfix #3) Technical Level
Solution

Table of Contents

  • UDM Product Description
  • What's New
  • UDM Configuration
  • Downloads
  • Documentation
  • Known Limitations
  • Revision History

UDM Product Description

User and Device Management (UDM) is a web-based application that manages a range of user and device related tasks in an organization. A typical user accesses organizational resources from multiple devices: computers, laptops, smartphones, and tablets.

UDM provides a unified environment for managing various user and device related tasks, such as provisioning, transparency of access via SmartLog logs, viewing user and device details, certificate management, AD user management, and FDE password recovery (for Endpoint Security clients).

With UDM, security administrators can delegate user and device management tasks to Help Desk administrators. This delegation of responsibilities lets the network security team handle security policy issues and the Help Desk team manage some user access tasks.

What's New

New in this release:

  • Improved integration with Mobile Threat Prevention:
    • The UDM administrator can disable SSO to MTP Dashboard within MTP Secure Browsing.
    • Complete MTP Dashboard support within MTP Secure Browsing, including:
      • The UDM administrator can configure MDM settings.
      • The UDM administrator can search for devices by first name, last name, email, and phone number.
      • The UDM administrator can filter devices by status.
  • New Self Service Enrollment Portal for ‘one-click’ simple device enrollment to Capsule Workspace.
  • New ability to view and re-create the self-signed certificate that the UDM Portal uses when you browse to it.
  • New ability to choose whether certificates are created based on DN or email. Supported on Mobile Access Gateway R80.10 or later.

UDM Configuration

R77.30.01 UDM HF3 is installed on a separate machine (optionally on a VMware VM) and connects to different Security Management Servers or Multi-Domain Security Management Servers.

If the Network Security Management Server that the UDM Server connects to is R77.20 or R77.30, you must install sk101217 - R77.20 Add-On or sk105412 - R77.30 Add-On respectively.

Licensing

UDM requires a Security Management license.

For further assistance, contact Check Point Account Services:

  • by using Live Chat
  • by completing an Online Form
  • by phone: Americas: +1-972-444-6600 option 5, or International: +972-3-611-5100 option 5

Installation options

  • Clean installation: Install Security Management Server R77.30 GA, then R77.30.01 UDM HF1, and finally R77.30.01 UDM HF3.
  • Upgrade installation from R77.30.01 UDM HF1 or HF2: Install R77.30.01 UDM HF3.

 

To install UDM R77.30.01 HF3 on a Gaia Security Management Server:

  1. Back up your R77.30.01 HF1 or HF2 Security Management Server.
  2. Create a temporary directory.
  3. Download the HF3 installation file, R77.30.01_UDM_HF3.Linux.tgz.
  4. Save the file to the temporary directory.
  5. Connect to the management server with SSH.
  6. Run these commands in expert mode:

    • tar -zxvf R77.30.01_HF3.Linux.tgz
    • ./UnixInstallScript

  7. The installation will ask to reboot. Click "yes".
  8. If you had an active UDM environment with R77.30.01 HF1 that included Mobile Threat Prevention:

    • Edit $UDMDIR/conf/pii_filter.properties and set pii.filter.decryption.enforce.magic.value = false and then run udmstop; udmstart

    • Re-create your MDM server settings.
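
The property change in step 8 can be scripted so that a backup is kept and the new value is confirmed before the services are restarted. This is an added example, not Check Point code: the helper names key_regex, get_property and set_property are hypothetical, and it assumes the file uses plain Java-style "key = value" lines.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes Java-style "key = value" lines.

# Escape the dots in a property key so it can be used inside a regex.
key_regex() { printf '%s' "$1" | sed 's/\./\\./g'; }

# get_property FILE KEY: print the effective value (last definition wins).
get_property() {
    re=$(key_regex "$2")
    sed -n "s/^[[:space:]]*${re}[[:space:]]*[=:][[:space:]]*//p" "$1" | tail -n 1
}

# set_property FILE KEY VALUE: back up FILE to FILE.bak, then rewrite every
# active definition of KEY, or append one if the key is absent or commented out.
set_property() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }
    re=$(key_regex "$key")
    cp -p "$file" "$file.bak" || return 1
    if grep -Eq "^[[:space:]]*${re}[[:space:]]*[=:]" "$file.bak"; then
        # Writing through the redirect keeps the original owner and mode.
        sed "s|^[[:space:]]*${re}[[:space:]]*[=:].*|${key} = ${value}|" \
            "$file.bak" > "$file"
    else
        # Make sure the appended line starts on a line of its own.
        [ -n "$(tail -c 1 "$file")" ] && echo >> "$file"
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
    # Confirm the change took effect before the services are restarted.
    [ "$(get_property "$file" "$key")" = "$value" ]
}

# Usage on the UDM server (path and key as given in step 8):
#   set_property "$UDMDIR/conf/pii_filter.properties" \
#       pii.filter.decryption.enforce.magic.value false && { udmstop; udmstart; }
```

The previous file is left next to the original as pii_filter.properties.bak, so the setting can be restored by copying it back and restarting UDM.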

Downloads

Package Link
R77.30.01 UDM Hotfix #1 for Gaia OS (TGZ)

 

Package Link
R77.30.01 UDM Hotfix #3 for Gaia OS (TGZ)

Important Notes:

  • If you are connecting to an R80 Security Management Server, please refer to sk114934 - Configuring UDM R77.30.01 HF3 with R80 Management Server to apply the correct configuration.
  • If you plan to use R77.30.01 UDM HF3 with Mobile Threat Prevention integration, apply this manual patch R77.30.01 UDM HF2 tool for Mobile Threat Prevention log entries on the SmartLog server to fix the Mobile Threat Prevention log entries display.

    Deployment instructions:

    1. In ssh, run smartlogstop

      1. Create temp directory in /opt/CPSmartLog-R77/python
      2. Move /opt/CPSmartLog-R77/python/story_mobile_access.pyc to /opt/CPSmartLog-R77/python/temp
      3. Download R77.30.01 UDM HFx tool for Mobile Threat Prevention log entries
      4. Unzip story_mobile_access.zip to /opt/CPSmartLog-R77/python/temp
      5. Move /opt/CPSmartLog-R77/python/temp/story_mobile_access.py to /opt/CPSmartLog-R77/python

    2. In ssh, run smartlogstart

  • The certificate creation based on user emails (Subject Alternative Name) is supported for deployments with Security Management Server R80.10 or higher, and Mobile Access Blade Gateway R80.10 or higher. Refer to sk118892.

Documentation

User and Device Management Documentation
User and Device Management R77.30.01 HF3 Release Notes

 

Known Limitations

Important notes:

  • To get a fix for an issue listed below contact Check Point Support with the issue ID.
  • To see if an issue has been fixed in other releases, search for the issue ID in Support Center.

ID Symptoms
Installation
01892463 The UDM portal cannot be enabled on a standalone installation.
SMTP
01912002 The UDM portal does not support SMTP with TLS authentication.
Mobile Threat Prevention Integration
01933444 In the Mobile Threat Prevention tab of the portal, the user does not see the message when a session expires.
02349950 No support for non-English characters for devices created via MTP manual enrolment in UDM.
Active Directory
01908742 The UDM portal does not support LDAP groups that contain AD special characters.

 

Revision History


Date Description
25 Oct 2016 First release of this document.
