Checkpoint Identity Agent Download Mac

Configuring Terminal Servers

Downloading Identity Agent from Captive Portal fails with 'Warning' on a Windows 10 client. Downloading Identity Agent from Captive Portal is successful on Windows 7. Check Point Mobile Access is the safe and easy solution to securely connect to corporate applications over the Internet with your Smartphone, tablet or PC. Integrated into the Check Point Infinity Architecture, Mobile Access provides enterprise-grade remote access via both Layer-3 VPN and SSL/TLS VPN, allowing you to simply and securely.

Deploying the Terminal Servers Identity Awareness Solution

To deploy Terminal Servers Endpoint Identity Agent:

  • Install a Terminal Servers Endpoint Identity Agent - You install this agent on the application server that hosts the Terminal/Citrix services after you enable the Terminal Servers identity source in the Identity Awareness Gateway object and install the Access Policy.

    Go to sk134312 to download the Terminal Servers Endpoint Identity Agent.

    Make sure you open the link from a location defined in the Terminal Servers Accessibility setting (Identity Awareness Gateway properties > Identity Awareness > Terminal Servers > Settings > Edit).

  • Configure a Shared Secret - You must configure the same password on the Terminal Servers Endpoint Identity Agent and the Identity Awareness Gateway. This password is used to secure the established trust between them.

Upgrading a Terminal Servers Endpoint Identity Agent

There is no option to upgrade the Terminal Servers Endpoint Identity Agent when you upgrade a Security Gateway to a newer version. You must manually install the new version of the Terminal Servers Endpoint Identity Agent on the Citrix or Terminal Server.

Configuring the Shared Secret

You must configure the same password as a shared secret in the Terminal Servers Endpoint Identity Agent on the application server that hosts the Terminal/Citrix services and on the Security Gateway enabled with Identity Awareness. The shared secret enables secure communication and lets the Security Gateway trust the application server with the Terminal Servers functionality.

The shared secret must contain at least 1 digit, 1 lowercase character, 1 uppercase character, no more than three consecutive digits, and must be eight characters long. In SmartConsole, you can automatically generate a shared secret that matches these conditions.
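The conditions above, written as a checker and a generator for manually chosen secrets, plus a count of how many secrets the policy allows. This is an added example, not Check Point code. It assumes the length is read literally as exactly eight characters, that "consecutive digits" means a run of adjacent digits, and that only ASCII letters and digits are used.

```python
import math
import re
import secrets
import string

REQUIRED_LEN = 8  # assumption: "eight characters long" read literally
ALPHABET = string.ascii_letters + string.digits  # assumption: letters and digits only

def check_shared_secret(candidate):
    """Return the list of violated conditions; an empty list means compliant."""
    problems = []
    if len(candidate) != REQUIRED_LEN:
        problems.append("length is not eight characters")
    if not re.search(r"[0-9]", candidate):
        problems.append("no digit")
    if not re.search(r"[a-z]", candidate):
        problems.append("no lowercase character")
    if not re.search(r"[A-Z]", candidate):
        problems.append("no uppercase character")
    if re.search(r"[0-9]{4,}", candidate):
        problems.append("more than three consecutive digits")
    return problems

def generate_shared_secret():
    """Draw from a CSPRNG and reject non-compliant strings.
    Rejection sampling keeps the result uniform over all compliant secrets."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(REQUIRED_LEN))
        if not check_shared_secret(candidate):
            return candidate

def policy_keyspace_bits():
    """log2 of the number of compliant secrets over ALPHABET, counted by
    dynamic programming over (digit run, has digit, has lower, has upper)."""
    states = {(0, False, False, False): 1}
    for _ in range(REQUIRED_LEN):
        nxt = {}
        for (run, d, l, u), n in states.items():
            moves = [((0, d, True, u), 26), ((0, d, l, True), 26)]
            if run < 3:  # a fourth adjacent digit would break the policy
                moves.append(((run + 1, True, l, u), 10))
            for key, weight in moves:
                nxt[key] = nxt.get(key, 0) + n * weight
        states = nxt
    valid = sum(n for (_, d, l, u), n in states.items() if d and l and u)
    return math.log2(valid)
```

Under these assumptions a compliant secret carries a little over 47 bits, so the secret should always come from a random generator rather than a memorable word.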

To configure the shared secret on the Identity Awareness gateway:

  1. Log in to SmartConsole.
  2. From the left Navigation Toolbar, click GATEWAYS & SERVERS.
  3. Double-click the Check Point Security Gateway that has Identity Awareness enabled.
  4. In the left tree, go to the Identity Awareness page.
  5. In the Identity Sources section, select Terminal Servers and click Settings.
  6. To automatically configure the shared secret:
    1. Click Generate to automatically get a shared secret that matches the string conditions.

      The generated password is shown in the Pre-shared secret field.

    2. Click OK.
  7. To manually configure the shared secret:
    1. Enter a password that matches the conditions in the Pre-shared secret field.

      Note the strength of the password in the Indicator.

    2. Click OK.

To configure the shared secret on the application server:

  1. Open the Terminal Servers Endpoint Identity Agent.

    The Check Point Endpoint Identity Agent - Terminal Servers main window opens.

  2. In the Advanced section, click Terminal Servers Settings.
  3. In Identity Server Shared Secret, enter the shared secret string.
  4. Click Save.

Configuring Terminal Servers Accessibility

  1. Log in to SmartConsole.
  2. From the left Navigation Toolbar, click GATEWAYS & SERVERS.
  3. Double-click the Check Point Security Gateway that has Identity Awareness enabled.
  4. In the left tree, go to the Identity Awareness page.
  5. Click Terminal Servers - Settings.
  6. In the Accessibility section, click Edit to select from where the Terminal Servers Endpoint Identity Agent can connect.

    The options are based on the topology configured for the gateway:

    • Through all interfaces
    • Through internal interfaces
      • Including undefined internal interfaces
      • Including DMZ internal interfaces
      • Including VPN encrypted interfaces
    • According to the Firewall policy - Select this, if there is a rule that states who can access the portal.

Terminal Servers Endpoint Identity Agent Users Tab

The Users tab in the Terminal Servers Endpoint Identity Agent main window shows a table with information about all users that are actively connected to the application server that hosts the Terminal/Citrix services.

Table Field - Description

  • ID - The SID of the user.
  • User - The user and domain name. The format used: <domain><user>
  • TCP Ports - The ports allocated to the user for TCP traffic.
  • UDP Ports - The ports allocated to the user for TCP traffic.
  • Authentication Status - Indicates whether this user is authenticated on the gateway.

The ID and User field information is automatically updated from processes running on the application server. The Terminal Servers Endpoint Identity Agent assigns TCP and UDP port ranges for each connected user.

Multi-User Host (MUH) Advanced Settings

In the Terminal Servers Endpoint Identity Agent main window, click Advanced > Terminal Servers Settings.

Advanced users can change these settings when necessary.

Best Practice - We highly recommend that you keep the default values if you are not an advanced user.

Changes are applied to new users that log in to the application server after the settings are saved in the Terminal Servers Endpoint Identity Agent. Users that are currently logged in stay with the older settings.

Advanced Setting - Description

  • Excluded TCP Ports - Ports included in this range will not be assigned to any user for TCP traffic. This field accepts a port range or list of ranges (separated with a semicolon).
  • Excluded UDP Ports - Ports included in this range will not be assigned to any user for UDP traffic. This field accepts a port range or list of ranges (separated with a semicolon).
  • Maximum Ports Per User - The maximum number of ports that can be assigned to a user in each of the TCP and UDP port ranges.
  • Ports Reuse Timeout (seconds) - The number of seconds the system waits until it assigns a port to a new user after it has been released by another user.
  • Errors History Size - N/A
  • Gateway Shared Secret - The same password that is set on the gateway that enables trusted communication between the Security Gateway and the application server.
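A toy model of how the excluded ranges, the per-user maximum and the reuse timeout interact for one protocol, as an added example. It is not the agent's implementation. The port pool, the hyphen syntax inside a range and the immediate reuse of a port by the user who released it are assumptions.

```python
import bisect

def parse_port_ranges(text):
    """Parse a semicolon-separated list such as '5001-5002;5004' into a set.
    The hyphen between range bounds is an assumed syntax."""
    ports = set()
    for part in filter(None, (p.strip() for p in text.split(";"))):
        low, _, high = part.partition("-")
        lo, hi = int(low), int(high or low)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

class PortAllocator:
    """Hypothetical per-user port allocator for a single protocol."""

    def __init__(self, pool, excluded, max_per_user, reuse_timeout):
        self.free = sorted(set(pool) - parse_port_ranges(excluded))
        self.max_per_user = max_per_user
        self.reuse_timeout = reuse_timeout
        self.owned = {}    # user -> set of ports currently held
        self.cooling = {}  # port -> (previous user, release time)

    def allocate(self, user, now):
        """Return a port for the user, or None if the cap or pool blocks it."""
        if len(self.owned.get(user, ())) >= self.max_per_user:
            return None  # Maximum Ports Per User reached
        for port in self.free:
            prev = self.cooling.get(port)
            if prev and prev[0] != user and now - prev[1] < self.reuse_timeout:
                continue  # released by another user too recently
            self.free.remove(port)
            self.cooling.pop(port, None)
            self.owned.setdefault(user, set()).add(port)
            return port
        return None

    def release(self, user, port, now):
        self.owned[user].discard(port)
        self.cooling[port] = (user, now)
        bisect.insort(self.free, port)

def demo():
    """Constructed scenario: six-port pool, three ports excluded, cap of two."""
    a = PortAllocator(range(5000, 5006), "5001-5002;5004", 2, 60)
    steps = [a.allocate("alice", 0), a.allocate("alice", 1), a.allocate("alice", 2)]
    a.release("alice", 5000, 10)
    steps += [a.allocate("bob", 20), a.allocate("bob", 100)]
    return steps  # [5000, 5003, None, 5005, 5000]
```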