Enabling the ICA Management Tool on the Security Management Server
Importing the User Certificate on the Client
Accessing the ICA Management Tool
Related documentation
Related solutions
(1) Setting up the ICA Management Tool connection (creating a Certificate user)
Connect with SmartConsole to Security Management Server / Domain Management Server.
Go to Permissions & Administrators - Administrators
Click New > Administrator.
In the General Properties pane:
In the Login Name field - enter the user login name (e.g., John_Smith).
In the Expiration Date field - verify that the date is set to a valid future date.
In the Permissions Profile field - select a profile that grants Read/Write All permissions (create such a profile if needed).
In the Certificates pane:
Click the Generate and save button.
A Check Point SmartDashboard dialog box with this message is displayed: "The generation of the certificate for the user cannot be undone, unless you click Revoke. Ok to continue?"
Click OK.
In the Enter Password dialog box, enter the required user password.
Confirm the user password.
Click OK.
In the dialog box Save Certificate File As, select the required location to save the certificate file.
Verify the user login name (e.g., John_Smith) is displayed in the File Name field.
Verify that "Certificate Files (*.p12)" is selected in the Save as type drop-down list.
Click Save.
Observe the information in the "DN" field, which should look something like this: CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo
Note - A password is required to protect the sensitive data contained in the certificate file. The certificate file contains the private key. Once the certificate is issued, save it to a file and supply the administrator with this file and the password. The certificate can then be used for authentication when logging in with SmartConsole to the Security Management Server.
Click OK to close the Administrator Properties window.
In the Users and Administrators window, click Actions > Install.
Click Close.
In SmartDashboard, go to the File menu and click Save.
Transfer the saved *.p12 file (e.g., John_Smith.p12) to the Client that is connecting to the ICA Management Tool.
(2) Enabling the ICA Management Tool on the Security Management Server / Domain Management Server
Connect to the command line on the Security Management Server / Multi-Domain Security Management Server.
Log in to Expert mode.
On the Multi-Domain Security Management Server, switch to the context of the relevant Domain Management Server:
[Expert@HostName:0]# mdsenv <Name of Domain Management Server>
Enable the ICA Management Tool using the "Administrator DN" created in Part 1 above:
cpca_client set_mgmt_tool on -a "CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo"
Output should show:
Successfully set the management tool.
The authorized administrators:
(
: ("CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo")
)
The authorized users:
()
Notes:
After the ICA Management Tool is started, the Security Management Server / Domain Management Server will be listening on TCP port 18265 (Check Point predefined service FW1_ica_mgmt_tools).
Having port 18265 open is not a vulnerability. The Management Tool Portal is secured and protected by SSL. In addition, only authorized administrators are allowed to access it using a certificate.
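Because access to the portal depends on the list of authorized DNs, it is worth checking that list against the administrators you actually approved. The following is an added example, not Check Point code and not part of the original article: it parses output in the format shown under "Output should show" and reports any DN that is not in an approved list. The function name, the allowlist file, and the second sample DN (CN=Old_Admin) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Check Point code): audit who is authorized for the ICA
# Management Tool, using the output format shown on this page.

# Constructed sample: the page's example output plus one extra, hypothetical
# DN (CN=Old_Admin) standing in for a stale entry. The multi-entry layout is
# an assumption; the parser only relies on DNs being double-quoted.
SAMPLE_OUTPUT='Successfully set the management tool.
The authorized administrators:
(
: ("CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo")
: ("CN=Old_Admin,OU=users,O=saturn.detroit.com.k7ekvo")
)
The authorized users:
()'

# audit_ica_acl ALLOWLIST_FILE
# Reads the tool output on stdin; ALLOWLIST_FILE holds one approved DN per line.
# Prints each DN that is not approved. Exit status: 0 = every listed DN is
# approved, 1 = at least one unapproved DN, 2 = no DN found in the input.
# DNs containing escaped double quotes are not handled.
audit_ica_acl() {
  awk -v allow="$1" '
    BEGIN { while ((getline dn < allow) > 0) if (dn != "") ok[dn] = 1 }
    /^The authorized administrators:/ { section = "administrator"; next }
    /^The authorized users:/          { section = "user"; next }
    section != "" {
      line = $0
      # Each DN is a double-quoted string; a line may carry more than one.
      while (match(line, /"[^"]+"/)) {
        dn = substr(line, RSTART + 1, RLENGTH - 2)
        seen++
        if (!(dn in ok)) { print "UNAPPROVED " section ": " dn; bad++ }
        line = substr(line, RSTART + RLENGTH)
      }
    }
    END { if (bad) exit 1; if (!seen) exit 2 }
  '
}
```

Pipe the saved command output into audit_ica_acl with the path of the approved-DN file as its argument, and treat any non-zero exit status as a finding to review.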