UDM Product Description
User and Device Management (UDM) is a web-based application that manages a range of user- and device-related tasks in an organization. A typical user accesses organizational resources from multiple devices: computers, laptops, smartphones, and tablets.
UDM provides a unified environment for managing various user- and device-related tasks, such as provisioning, transparency of access via SmartLog logs, viewing user and device details, certificate management, AD user management, and FDE password recovery (for Endpoint Security clients).
With UDM, security administrators can delegate user and device management tasks to Help Desk administrators. This delegation of responsibilities lets the network security team handle security policy issues and the Help Desk team manage some user access tasks.
New in this release:
- Improved integration with Mobile Threat Prevention:
  - The UDM administrator can disable SSO to MTP Dashboard within MTP Secure Browsing.
  - Complete MTP Dashboard support within MTP Secure Browsing, including:
    - The UDM administrator can configure MDM settings.
    - The UDM administrator can search for devices by first name, last name, email, and phone number.
    - The UDM administrator can filter devices by status.
- New Self Service Enrollment Portal for one-click simple device enrollment to Capsule Workspace.
- New ability to view and re-create the self-signed certificate that the UDM Portal uses when you browse to it.
- New ability to choose whether certificates are created based on DN or email. Supported on Mobile Access Gateway R80.10 or later.
R77.30.01 UDM HF3 is installed on a separate machine (optionally on a VMware VM) and connects to different Security Management Servers or Multi-Domain Security Management Servers.
If the Network Security Management Server that the UDM Server connects to is R77.20 or R77.30, you must install sk101217 - R77.20 Add-On or sk105412 - R77.30 Add-On respectively.
UDM requires a Security Management license.
For further assistance, contact Check Point Account Services:
- by using Live Chat
- by completing an Online Form
- by phone: Americas: +1-972-444-6600 option 5, or International: +972-3-611-5100 option 5
- Clean installation: Install Security Management Server R77.30 GA, then R77.30.01 UDM HF1, and finally R77.30.01 UDM HF3.
- Upgrade installation from R77.30.01 UDM HF1 or HF2: Install R77.30.01 UDM HF3.
To install UDM R77.30.01 HF3 on a Gaia Security Management Server:
- Back up your R77.30.01 HF1 or HF2 Security Management Server.
- Create a temporary directory.
- Download the HF3 installation file, R77.30.01_UDM_HF3.Linux.tgz.
- Save the file to the temporary directory.
- Connect to the management server with SSH.
- Run these commands in expert mode:
  - tar -zxvf R77.30.01_HF3.Linux.tgz
- The installation will ask to reboot. Click "yes".
- If you had an active UDM environment with R77.30.01 HF1 that included Mobile Threat Prevention:
  - Edit $UDMDIR/conf/pii_filter.properties, set pii.filter.decryption.enforce.magic.value = false, and then run udmstop; udmstart
  - Re-create your MDM server settings.
- If you are connecting to an R80 Security Management Server, please refer to sk114934 - Configuring UDM R77.30.01 HF3 with R80 Management Server to apply the correct configuration.
- If you plan to use R77.30.01 UDM HF3 with Mobile Threat Prevention integration, apply the manual patch "R77.30.01 UDM HF2 tool for Mobile Threat Prevention log entries" on the SmartLog server to fix the display of Mobile Threat Prevention log entries:
  - In ssh, run smartlogstop
  - Create a temp directory in /opt/CPSmartLog-R77/python
  - Move /opt/CPSmartLog-R77/python/story_mobile_access.pyc to /opt/CPSmartLog-R77/python/temp
  - Download R77.30.01 UDM HFx tool for Mobile Threat Prevention log entries
  - Unzip story_mobile_access.zip to /opt/CPSmartLog-R77/python/temp
  - Move /opt/CPSmartLog-R77/python/temp/story_mobile_access.py to /opt/CPSmartLog-R77/python
  - In ssh, run smartlogstart
- Certificate creation based on user emails (Subject Alternative Name) is supported for deployments with Security Management Server R80.10 or higher, and Mobile Access Blade Gateway R80.10 or higher. Refer to sk118892.
- To get a fix for an issue listed below, contact Check Point Support with the issue ID.
- To see if an issue has been fixed in other releases, search for the issue ID in Support Center.
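
The SmartLog patch steps above (smartlogstop through smartlogstart), written as one shell function that puts the original .pyc back if the archive does not deliver story_mobile_access.py. This is an added example, not a Check Point script: the function name apply_story_patch and its two arguments are assumptions, while the file names, the temp directory and the smartlogstop/smartlogstart commands come from the steps.

```shell
#!/bin/sh
# Added example: swap in the patched story_mobile_access module with rollback.
# apply_story_patch and its arguments are assumed names, not a Check Point tool.
# Usage: apply_story_patch /opt/CPSmartLog-R77/python /path/to/story_mobile_access.zip

apply_story_patch() {
    py_dir=$1       # directory holding story_mobile_access.pyc
    zip_file=$2     # the downloaded story_mobile_access.zip
    tmp_dir="$py_dir/temp"
    old_pyc="$py_dir/story_mobile_access.pyc"

    # Check inputs before stopping SmartLog, so a typo causes no downtime.
    [ -f "$old_pyc" ]  || { echo "missing $old_pyc" >&2; return 1; }
    [ -f "$zip_file" ] || { echo "missing $zip_file" >&2; return 1; }

    smartlogstop || return 1

    # Park the compiled module in temp; it doubles as the rollback copy.
    if ! { mkdir -p "$tmp_dir" && mv "$old_pyc" "$tmp_dir/"; }; then
        smartlogstart
        return 1
    fi

    # Extract into temp, confirm the .py arrived non-empty, then install it.
    result=1
    if unzip -o "$zip_file" -d "$tmp_dir" >/dev/null &&
       [ -s "$tmp_dir/story_mobile_access.py" ] &&
       mv "$tmp_dir/story_mobile_access.py" "$py_dir/"; then
        result=0
    else
        # Restore the original so SmartLog starts with the module it had.
        echo "patch failed, restoring original module" >&2
        mv "$tmp_dir/story_mobile_access.pyc" "$old_pyc"
    fi

    smartlogstart || return 1
    return "$result"
}
```

A non-zero return means SmartLog was restarted with the original module still in place.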