integrity clientless security administrator guide is the industry's op en, multi-vendor...

Integrity Clientless Security 1-0NNN-0410-2006-11-06 (EA) Getting Started Guide Version 4.1

Upload: tranduong

Post on 21-Jul-2019


Page 1: Integrity Clientless Security Administrator Guide is the industry's op en, multi-vendor security framewor k, which has over 350 partners and the largest selection of best-of-breed

Integrity Clientless Security

1-0NNN-0410-2006-11-06 (EA)

Getting Started Guide

Version 4.1


© 2006 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

TRADEMARKS:

© 2006 Check Point Software Technologies Ltd.

All rights reserved. Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecuRemote, SecurServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, TrueVector, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, Web Intelligence, ZoneAlarm, Zone Alarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726 and 6,496,935 and may be protected by other U.S. Patents, foreign patents, or pending applications.


Contents

Chapter 1 Integrity Clientless Security 4.1
  Welcome
  In This Guide
  Integrity Clientless Security 4.1 Documentation

Chapter 2 Introduction
  Overview
  Product CD-ROMs
  For New Check Point Customers
  What’s New in ICS 4.1
    Support For Microsoft Internet Information Services (IIS)
    Linux and Macintosh support
  Enhanced Antivirus Applications Support
    Enhanced Firewall Applications Support
    Redesigned Scanner Policy Configuration
    Secure Workspace Policy Configuration
    Secure Workspace Bypass Option
    Enhanced Reporting Database Performance
    Filtering
    Improved Anti-keylogger Reporting

Chapter 3 Getting Started
  ICS Terminology
  Prerequisites
  Systems Requirements
    Server Requirements
    Endpoint Requirements
    Other Prerequisites

Chapter 4 Installing and Reconfiguring ICS
  Installation Process for Apache
  Installation Process for Internet Information Services (IIS)
  Upgrade Installation Process
  Uninstallation Process
  Reconfiguration Processes
    Configuring ICS to receive software updates
    Moving ICS to another server
    Changing the protected gateway
    Relocating the Administrator Console


Chapter 1 Integrity Clientless Security 4.1

This chapter contains the following topics:

“Welcome,” on page 9

“In This Guide,” on page 10

“Integrity Clientless Security 4.1 Documentation,” on page 10

Welcome

Thank you for choosing Check Point’s Integrity Clientless Security. We hope that you will be satisfied with this solution and our support services. Check Point products provide your business with the most up-to-date and secure solutions available today.

Check Point also delivers worldwide technical services including educational, professional and support services through a network of Authorized Training Centers, Certified Support Partners and Check Point technical support personnel to ensure that you get the most out of your security investment.

In order to extend your organization’s growing security infrastructure and requirements, we recommend that you consider adopting the OPSEC platform (Open Platform for Security). OPSEC is the industry's open, multi-vendor security framework, which has over 350 partners and the largest selection of best-of-breed integrated applications and deployment platforms.

For additional information on Integrity Clientless Security and other security solutions, refer to: http://www.checkpoint.com or call Check Point at 1(800) 829-8391. For additional technical information, refer to: http://support.checkpoint.com.

Welcome to the Check Point family. We look forward to meeting all of your current and future network, application and management security needs.


In This Guide

This guide provides a brief overview of the Integrity Clientless Security application and installation procedures.

Integrity Clientless Security 4.1 Documentation

Technical documentation is available on your Integrity Clientless Security 4.1 CD-ROM at: cd_path_here. These documents can also be found at: http://www.checkpoint.com/support/technical/documents.

To find out about what's new in ICS 4.1, read the ICS 4.1 Release Notes.

For information on upgrading your current Check Point deployment, refer to the ICS Administration Guide.


Chapter 2 Introduction

This chapter contains the following topics:

“Overview,” on page 11

“Product CD-ROMs,” on page 11

“For New Check Point Customers,” on page 12

“What’s New in ICS 4.1,” on page 12

Overview

ICS is a Check Point product that provides unmanaged endpoints with protected, secure access to your network. ICS provides fully integrated and centrally managed spyware blocking, complete session confidentiality, and comprehensive security policy enforcement.

ICS 4.1 provides support for Windows, Linux, and Macintosh endpoints, allows use of a wider range of Antivirus and firewall applications, and provides an enhanced Secure Workspace application for endpoint computers.

Product CD-ROMs

The NGX R62 media pack contains the following [nn] CD-ROMs:

Table 2-1: CD1: In the Linux Directory

Linux Package Contains...


For New Check Point Customers

New Check Point customers can access the Check Point User Center in order to:

Manage users and accounts

Activate products

Get support offers

Open service requests

Search the Technical Knowledge Base

To access the Check Point User Center, go to:

https://usercenter.checkpoint.com/pub/usercenter/get_started.html

What’s New in ICS 4.1

The following section provides an overview of NGX R62 product enhancements.

Support For Microsoft Internet Information Services (IIS)

Integrity Clientless Security 4.1 now supports Microsoft IIS 5.0 and 6.0 Web servers.

Linux and Macintosh support

Linux and Macintosh endpoints are now supported by ICS, with the following exceptions:

No support for malware scans on Linux or Macintosh endpoints.

No support for antivirus checks on Macintosh endpoints.


Enhanced Antivirus Applications Support

ICS supports the following antivirus applications:

Kaspersky Antivirus for Linux

avast! Linux Home Edition for Linux

F-Secure Antivirus for Windows

Panda Anti-Virus for Windows

SOFTWIN BitDefender Antivirus for Windows

Zone Labs ZoneAlarm with Antivirus for Windows

AVG Antivirus Free Edition for Windows

Alwil Avast! Antivirus for Windows

NOD32 Antivirus for Windows

AVG Antivirus Free Edition for Linux

Enhanced Firewall Applications Support

ICS supports the following firewall applications:

Check Point Integrity Linux Agent for Linux

Redhat Linux built-in firewall for Linux

Mac OSX/Tiger built-in firewall for Macintosh

McAfee Personal Firewall for Windows

Computer Associates EZ Firewall for Windows

Windows XP Firewall for Windows

BlackICE PC Protection (BlackICE Defender) for Windows

Kerio Firewall for Windows

Outpost Personal Firewall for Windows

Norton Personal Firewall for Windows

Redesigned Scanner Policy Configuration

Policy configuration usability and performance have been improved. Policies are now configured locally in the administrator’s browser. A new Save Configuration button allows you to save the policy to the ICS server and applies all changes to ICS.


Secure Workspace Policy Configuration

A personal firewall feature is now available in Secure Workspace. It allows the ICS administrator to restrict Web sites that an endpoint can access during the session. You can use this feature to isolate an endpoint from the rest of a network and grant access only to the secured gateway.

Secure Workspace Bypass Option

You can now allow selected endpoint computers to bypass Secure Workspace, even if Secure Workspace is required by your security policy.

Enhanced Reporting Database Performance

Reporting database performance was significantly improved. ICS now supports up to 100,000 scans in a single database. The reporting database can now be extended up to 1Gb in size.

Filtering

ICS Reports pages now provide filtering capabilities.

Improved Anti-keylogger Reporting

The Anti-keylogger Report page now provides filtering and search capabilities. The report page layout was redesigned to be more user-friendly.


Chapter 3 Getting Started

This chapter contains the following topics:

“Prerequisites,” on page 15

“Systems Requirements,” on page 15

“Server Requirements,” on page 16

“Endpoint Requirements,” on page 17

“Other Prerequisites,” on page 18

ICS Terminology

[Reviewers: please feel free to suggest any terms that should be defined here.]

Prerequisites

Before you begin, make sure your system meets the following requirements:

Your gateway must be set up and functioning normally and users must be able to connect to your gateway

You must have CGI scripts turned on

Systems Requirements

This section outlines the server and endpoint computer requirements and other prerequisites.


Server Requirements

Linux Requirements

Linux Kernel 2.4

Debian GNU/Linux 3.1

Fedora Core 4

Novell Linux Desktop 9.1

Intel x86 32-bit compatible processor

CPU 400 MHz Pentium II

RAM 64 Mb

20 Mb of available hard-disk space

Apache 1.3, 2.0, or later, with the following modules enabled:

mod_cgi

mod_rewrite

mod_auth (1.3 and 2.0 only)

mod_auth_basic (2.2 and later only)

mod_authn_file (2.2 and later only)

Windows Requirements

Windows 2000 Server or Windows 2003 Server

Intel x86 32-bit compatible processor

400 MHz Pentium II

RAM 256 Mb

20 Mb of available hard-disk space

One of the following Web servers:

Apache 1.3, 2.0, or later with the following modules enabled:

mod_cgi

mod_rewrite

mod_auth (1.3 and 2.0 only)

mod_auth_basic (2.2 and later only)

mod_authn_file (2.2 and later only)

Microsoft Internet Information Services (IIS) 5.0 or 6.0


Administrator Client Requirements

Internet Explorer 6.0 or later configured to allow cookies, run ActiveX components or Sun Java applets enabled or Microsoft Java VM enabled.

Mozilla Firefox 1.5 or later configured to allow cookies and Sun Java applets support enabled.

Endpoint Requirements

For endpoint computers to be successfully serviced by Integrity Clientless Security, they must meet the endpoint requirements outlined in this section. When a user tries to access your gateway without the proper browser or settings, an error message is displayed detailing the browser requirements. You can choose to allow access for endpoint computers that do not meet your requirements; however, those computers will not be serviced by ICS.

Supported Operating Systems

For information about allowing access for endpoint computers that are running unsupported operating systems see “Configuring ICS to fail open,” on page 23.

For Integrity Security Scanner:

Windows 98/ME

Windows NT4 SP6

Windows 2000

Windows XP

Mac OS X (spyware and AV detection not supported)

Linux based on kernel 2.4 (spyware detection not supported)

For Integrity Secure Workspace:

Windows 2000

Windows XP

For Advanced Anti-Keylogging:

Windows 2000

Windows XP

Java applet caching must be disabled.


Supported Browsers

Internet Explorer 5.5 or later configured to allow cookies, run ActiveX components or Sun Java applets enabled or Microsoft Java VM enabled.

Mozilla Firefox 1.0 or later configured to allow cookies and Sun Java applets support enabled

Netscape Navigator 8.0 or later configured to allow cookies and Sun Java applets support enabled

Firefox 1.0.4 or later configured to allow cookies and Sun Java applets support enabled (Linux only)

Konqueror browser (latest version available for distribution; Linux only)

Safari browser configured to allow cookies and Sun Java applets support enabled (Macintosh only)

Java Requirements

ICS supports two Java implementations. Endpoint computers must have one of the following to be serviced by ICS:

Microsoft JVM version 5.5.3810.0 or higher

Sun JRE version 1.4.2 or higher

Other Prerequisites

Before installing ICS, you must already have configured the Web site you are going to protect. You should perform tests to make sure that your users have access to the Web site. It is important to make sure that your users already have access to the Web site before you begin to implement ICS.

The ICS server software must be installed on the same physical server computer as the Web server. For Windows gateway servers ensure that your server machine name does not include the “_” character. If your gateway server has a “_” character in its name, Internet Explorer browsers will not process cookies sent from that server.

If you will need a new authorization account for ICS administration, you need to make sure the appropriate utilities are accessible.

It is recommended that you configure your Web server so that ICS administration pages are only accessible using the HTTPS protocol.

Java applet caching must be disabled.

Integrity Security Scanner cannot scan endpoint computers running Java Runtime Environment versions 1.4.2_07 through 1.4.2_10 with Firefox or Netscape Web browsers.


Chapter 4 Installing and Reconfiguring ICS

This chapter contains the following topics:

“Installation Process for Apache,” on page 19

“Installation Process for Internet Information Services (IIS),” on page 21

“Upgrade Installation Process,” on page 23

“Uninstallation Process,” on page 24

“Reconfiguration Processes,” on page 25

“Where To From Here?,” on page 27

Installation Process for Apache

Use the following instructions to install your ICS Server on Apache HTTP Web server.

To install ICS on Apache HTTP Server:

1. Extract the files.

Extract the appropriate file to a dedicated ICS folder on the same server as the gateway you are going to protect. This folder must be accessible to the Apache server with read/write permissions. The ics_server sub-folder will be created automatically.

For Windows, use ics_4.1.zip

For Linux, use ics_4.1.tgz

2. Change directories to ics_server/bin/ and execute the appropriate installation script:

ics_server/bin/install.sh for Linux servers

ics_server/bin/install.exe for Windows servers

3. Follow the installation instructions.

When prompted, provide:


The full URL to the gateway you want to protect, in the form of http://server:port/path_to_gateway.

The full URL to the ICS Web location, in the form of http://server:port/path. The Server name or IP should be the same as for the gateway. Be sure to make note of the location you specify here. You will later use this URL to access the Administrator Console.

These URLs may be entered as command line parameters if you are running the install script from a batch file. Command line of the installation script should be the following: install.sh | install.exe [portal_url URL] [ics_url URL], where [portal_url] and [ics_url] are the parameter names and [URL] is the required form of the corresponding URL.

4. Set your password.

The default authorization for the ICS configuration scripts is saved in the ics_server/bin/data/.htpasswd file. The installation default for both the username and the password is icsadm (icsadm/icsadm). You should change the username and password in this file as soon as possible, using the appropriate utility to manage password files.

5. Add the contents of ics_server/ics-apache.conf to your Apache Web server configuration file (usually httpd.conf).

Either use the include directive or copy the ics-apache.conf file to the folder that was automatically included by Apache during configuration.

6. Restart the Apache server to apply the ICS settings.

On Linux servers, use the appropriate command. For example: /etc/init.d/httpd restart.

On Windows servers, use the Apache administration console or restart the service manually using the list of system services.

If Virtual Host entries are set up in your Apache configuration, then you must add the first three lines (starting with ‘Rewrite’) from ics-apache.conf into every Virtual Host entry that corresponds to a portal you are going to protect with ICS.

If you install more than one ICS server on a single Apache server, you must modify the ics-apache.conf files generated by the installers. The check-prg identifiers at line RewriteMap check-prg prg:/path/to/filter must be unique for each ICS server.

For example, check-prg1, check-prg2, and check-prg3.

You must use the same identifier within the file, at line 'RewriteRule ^(/path/to/portal.*)$ ${check-prg:%{HTTP_COOKIE}}$1?%{QUERY_STRING} [NE,L]'.

If you do not do this, the settings you configure on the additional ICS servers will not take effect.
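The checks below cover steps 4 and 5 of the Apache procedure: they flag a .htpasswd file that still carries the icsadm default account, and ics-apache.conf files whose check-prg identifiers collide or whose RewriteRule looks up an identifier the file does not define. This is an added example, not Check Point code; the sample file names, portal names, filter paths and the leading RewriteEngine line are constructed assumptions.

```python
import base64
import hashlib
import re
from collections import defaultdict

MAP_RE = re.compile(r"^\s*RewriteMap\s+(\S+)\s+prg:\S+", re.I | re.M)
LOOKUP_RE = re.compile(r"\$\{([^:}\s]+):")      # ${identifier:key} in a RewriteRule
DEFAULT_USER = DEFAULT_PASSWORD = "icsadm"      # installation default (step 4)


def sha_entry(password):
    """Apache '{SHA}' htpasswd format: base64 of the raw SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()


def audit_htpasswd(text):
    """Findings for a .htpasswd file that still carries the default account."""
    findings = []
    for line in text.splitlines():
        user, sep, secret = line.strip().partition(":")
        if not sep or user != DEFAULT_USER:
            continue
        findings.append(f"default account '{DEFAULT_USER}' is still present")
        # Only the {SHA} and plain-text formats are verified here.
        if secret in (sha_entry(DEFAULT_PASSWORD), DEFAULT_PASSWORD):
            findings.append(f"'{DEFAULT_USER}' still has the default password")
        elif not secret.startswith("{SHA}"):
            findings.append("hash format not checked here (crypt, apr1 or bcrypt)")
    return findings


def audit_rewrite_maps(configs):
    """configs maps a file name to the text of one generated ics-apache.conf.

    Returns sorted findings; an empty list means the identifiers are consistent.
    """
    findings, owners = [], defaultdict(list)
    for name, text in configs.items():
        idents = MAP_RE.findall(text)
        for ident in idents:
            owners[ident].append(name)
        for line in text.splitlines():
            if not line.strip().lower().startswith("rewriterule"):
                continue
            # The rule must look up the map defined in its own file.
            for used in LOOKUP_RE.findall(line):
                if used not in idents:
                    findings.append(
                        f"{name}: RewriteRule uses '{used}', which this file does not define")
    for ident, files in owners.items():
        if len(files) > 1:
            findings.append(
                f"'{ident}' is defined {len(files)} times: {', '.join(sorted(files))}")
    return sorted(findings)


def sample_conf(site, map_id, rule_id):
    """Constructed stand-in for an installer-generated ics-apache.conf."""
    return (
        "RewriteEngine On\n"                      # assumed first 'Rewrite' line
        "RewriteMap " + map_id + " prg:/srv/" + site + "/ics_server/bin/filter\n"
        "RewriteRule ^(/" + site + "/portal.*)$ ${" + rule_id
        + ":%{HTTP_COOKIE}}$1?%{QUERY_STRING} [NE,L]\n"
    )


if __name__ == "__main__":
    # Two ICS servers on one Apache, both left with the generated identifier.
    confs = {
        "hr/ics-apache.conf": sample_conf("hr", "check-prg", "check-prg"),
        "sales/ics-apache.conf": sample_conf("sales", "check-prg", "check-prg"),
    }
    untouched = DEFAULT_USER + ":" + sha_entry(DEFAULT_PASSWORD)
    for finding in audit_rewrite_maps(confs) + audit_htpasswd(untouched):
        print(finding)
```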


Installation Process for Internet Information Services (IIS)

Use the following instructions to install your ICS Server on Microsoft Internet Information Services (IIS) Web server.

To install ICS on Microsoft Internet Information Services (IIS):

1. Extract the files.

Extract the files in ics_4.1.zip to a dedicated ICS folder on the same server as the gateway you are going to protect. This folder must be accessible to the IIS server with read/write permissions. The ics_server sub-folder will be created automatically.

2. Create a new virtual directory for your Web site in Internet Information Services using the IIS Manager, with the following options:

Specify a short name (or alias) for the virtual directory. This alias should be used during ICS installation to define the path to the ICS server.

Set the ics_server directory as the Web Site Content Directory.

Select the Execute option for the ics_server/bin sub-directory to allow Internet Information Services to execute ICS CGI scripts.

3. Change directories to ics_server/bin/ and execute the ics_server/bin/install.exe installation application.

4. Follow the installation instructions.

When prompted, provide:

The full URL to the gateway you want to protect, in the form of http://server:port/path_to_gateway.

The full URL to the ICS Web location, in the form of http://server:port/path. The Server name or IP should be the same as for the gateway. Be sure to make note of the location you specify here. You will later use this URL to access the Administrator Console.

These URLs may be entered as command line parameters if you are running the install script from a batch file. Command line of the installation script should be the following: install.sh | install.exe [portal_url URL] [ics_url URL], where [portal_url] and [ics_url] are the parameter names and [URL] is the required form of the corresponding URL.

5. In IIS Manager, add ics_filter.dll to the list of ISAPI filters by performing the following tasks:

a. Add the filter ics_server/bin/ics_filter.dll.

b. Assign a name (for example, ICSFilter) to the filter.

Perform this step using cmd.exe; do not perform it from the Windows GUI.


6. Grant read/write permissions for the ics_server\bin\data directory to the following IIS accounts:

Account responsible for CGI applications

Administrator account that you want to make responsible for the ICS portal.

This step allows ICS CGI scripts to access the \bin\data directory.

7. Grant write permissions for the ics_server\components directory to the following IIS accounts:

Account responsible for CGI applications

Administrator account that you want to make responsible for the ICS portal.

This step allows ICS CGI scripts to access the \components directory.

8. Establish authentication so that only the administrator account responsible for the ICS portal has Read and Execute permissions for the following CGI scripts and HTML pages:

/bin/ctool.cgi

/bin/report.cgi

/ctool/ctoolx.html

/ctool/swsx.html

Anonymous access should be disabled for these CGI scripts and HTML pages.

9. If you are running Internet Information Services version 6.0 only, perform the following steps:

a. Add ICS4 as a new Web Service Extension, and set the following Web extension permissions to allowed:

\bin\ctool.cgi

\bin\report.cgi

\bin\translator.cgi

\bin\ics_filter.dll

b. Enable the .tpl file extension with a MIME type of text/plain for your Web site in IIS Manager.

10. Restart the Internet Information Services server to apply the ICS settings.
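The two URLs that both installers prompt for carry constraints stated in different places in this guide: the same server name for gateway and ICS, no “_” in the server name, HTTPS for the administration pages, and (on IIS) a path equal to the virtual directory alias. The validator below collects them in one check to run before install.exe or install.sh. It is an added example, not part of the product; the function name, the iis_alias parameter and the sample host names are assumptions.

```python
from urllib.parse import urlsplit


def check_install_urls(portal_url, ics_url, iis_alias=None):
    """Check the installer's two URLs against the constraints in the guide.

    iis_alias (optional) is the virtual-directory alias created in IIS Manager.
    Returns a list of findings; an empty list means no constraint is violated.
    """
    findings = []
    portal, ics = urlsplit(portal_url), urlsplit(ics_url)
    for label, url in (("portal_url", portal), ("ics_url", ics)):
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append(f"{label}: expected the form http://server:port/path")
    if findings:
        return findings            # nothing else can be compared reliably

    # "The Server name or IP should be the same as for the gateway."
    # urlsplit() lower-cases .hostname, so the comparison ignores case.
    if portal.hostname != ics.hostname:
        findings.append(
            f"ics_url host '{ics.hostname}' differs from gateway host '{portal.hostname}'")

    # Internet Explorer will not process cookies sent from a server whose
    # name contains "_", so such a name is reported.
    for host in sorted({portal.hostname, ics.hostname}):
        if "_" in host:
            findings.append(f"host '{host}' contains '_'")

    # The ICS URL is later used to reach the Administrator Console, which
    # the guide recommends serving over HTTPS only.
    if ics.scheme != "https":
        findings.append("ics_url uses plain HTTP; administration pages should be HTTPS-only")

    # On IIS the alias of the virtual directory defines the path to ICS.
    if iis_alias is not None and ics.path.strip("/") != iis_alias.strip("/"):
        findings.append(
            f"ics_url path '{ics.path}' does not match IIS alias '{iis_alias}'")
    return findings


if __name__ == "__main__":
    # Constructed sample values.
    for finding in check_install_urls("http://web_01:8080/portal",
                                      "http://web_01:8080/ics",
                                      iis_alias="ics"):
        print(finding)
```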


Upgrade Installation Process

Use the following instructions to upgrade an older version of ICS to the current release version.

To upgrade ICS from release 4.0 or 4.0 HFA1 to the current release version

1. Stop your Web server application.

2. Stop all running instances of the report.cgi application.

3. Remove the ISAPI filter for ICS from your Web Site properties (IIS only).

4. Copy policy.xml from /bin/data to a temporary directory.

5. Extract the files to the directory where you want to install ICS.

6. Install the current version of ICS, using the appropriate instructions for your Web server application:

For Apache installation instructions, see “Installation Process for Apache,” on page 19.

For Internet Information Services, see “Installation Process for Internet Information Services (IIS),” on page 21.

7. Copy policy.xml from the temporary directory to /bin/data.

8. Change directories to ics_server/bin and perform the appropriate command for your operating system:

Linux: db_upgrade.sh

Windows: report.cgi convert

This step updates the scan reporting database report.db. This process may last up to several hours, depending on your server hardware and the size of the report database.

To upgrade ICS from release 3.7 to the current release version

1. Stop your Web server application.

2. Remove the ISAPI filter for ICS from your Web Site properties (IIS only).

3. Copy the enforcement_rules.xml file from /sre/data to a temporary directory.

4. Change directories to the ICS 3.7 server location and run the command:

uninstall.sre.bat

This uninstalls the ICS 3.7 application.

5. Extract the installation files to the directory where you want to install ICS 4.1.

6. Install the current version of ICS, using the appropriate instructions for your Web server application:

For Apache installation instructions, see “Installation Process for Apache,” on page 19.


For Internet Information Services, see “Installation Process for Internet Information Services (IIS),” on page 21.

7. Move the enforcement_rules.xml file from the temporary directory where you saved it to the ics_server/ctool directory.

This step does not migrate anti-spyware rules; you must recreate them in the Administrator console.

8. Open the ICS Administrator console.

You will receive a message stating that the old policy has been found and that it will be migrated.

9. Perform the following steps:

a. Open the Policy Manager page and check that your saved policies have been copied over correctly.

Due to restrictions in the Custom Rules format in ICS 4.1 (such as file path and registry format), some rules that were valid in ICS 3.7 may be invalid in ICS 4.1. If you created your own enforcement rules in ICS 3.7 and imported them into ICS 4.1, those rules must be recreated and saved in the ICS 4.1 Enforcement Rules page.

b. Click Gateway Configuration, then click Save Configuration.

c. Close the ICS Administrator console.

d. Change directories to ics_server/ctool and remove the enforcement_rules.xml file.

Uninstallation Process

Use the following instructions to uninstall ICS.

To uninstall ICS

1. Stop the Web server.

2. Stop all running instances of report.cgi.

3. If you are running Apache Web server, remove the ics-apache.conf configuration from apache configs (from httpd.conf or automatically included subfolders).

4. If you are running Microsoft IIS, perform the following steps:

a. Remove the Virtual Directory which you created for ICS.

b. Remove ics_filter.dll from the ISAPI filters for your Web server.

c. Remove the Web Service Extension which you created for ICS (for IIS 6.0 only).

The protected gateway URL must be the same as the one protected by the ICS 3.7 installation.

Page 25: Integrity Clientless Security Administrator Guide is the industry's op en, multi-vendor security framewor k, which has over 350 partners and the largest selection of best-of-breed

Reconfiguration Processes

ICS Administrator Guide Installing and Reconfiguring ICS 25

d. Remove the .tpl file extension MIME type which you created for ICS (for IIS 6.0 only).

5. Delete the ics_server folder.

6. Restart the Web server.

Reconfiguration Processes

If needed, you can use parameters to reconfigure ICS after the initial installation. Use the reconfiguration parameters to:

Configure ICS to receive software updates. See “Configuring ICS to receive software updates,” on page 25.

Move ICS to another server. See “Moving ICS to another server,” on page 26.

Change the protected gateway. See “Changing the protected gateway,” on page 26.

Relocate the Administrator Console. See “Relocating the Administrator Console,” on page 27.

Configuring ICS to receive software updates

To configure ICS to receive software updates, you must:

Download a license file for ICS.

Set the http_proxy variable.

Downloading a license file for ICS

ICS requires a valid license file in order to download software updates.

To download a license file

1. Sign up for a Check Point User Center account at https://usercenter.checkpoint.com.

You will be provided with a user ID and password. Please save them for future reference.

2. In the Check Point User Center, activate your ICS product.

The User Center generates a unique license file cp.lic.

3. Download the cp.lic license file from the Check Point User Center and save it to:

<ics_server>/bin/data/cp.lic


4. Ensure that the Apache Web server has read permission for cp.lic.

Setting the http_proxy variable

The ICS server requires access to the Internet for software updates. ICS includes the CURL library for external HTTP communication. If you use a proxy server for Internet access, you must set the http_proxy environment variable.

To set the http_proxy environment variable

1. Get the name and port number of the proxy server.

You will need this information for the http_proxy variable.

2. Define the variable by using one of the following methods:

Define http_proxy in the .htaccess file in the /ics_server/bin folder.

Define http_proxy in the httpd.conf configuration file for the Apache server.

Export the definition as a global environment variable.

Define http_proxy in the Environment Variables (Windows only).
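The two prerequisites above (a readable cp.lic and a well-formed http_proxy value) can be checked before the first update is attempted. The script below is an added example, not part of the ICS guide; the proxy name and port are constructed, and the SetEnv and setx lines are assumptions about how the definition is written, since the guide does not show the exact syntax.

```shell
#!/bin/sh
# Added example, not from the ICS guide. Proxy name, port and the way the
# variable is written into each file are assumptions.

# Succeeds if $1 is [http://]name:port with a port between 1 and 65535.
valid_proxy() {
    v=${1#http://}; v=${v%/}
    case $v in *:*) ;; *) return 1 ;; esac          # the port is required
    host=${v%:*}; port=${v##*:}
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Prints the definition for one of the four methods the guide lists.
# The name stays lowercase: curl does not read HTTP_PROXY.
proxy_line() {   # $1 = htaccess|httpd|export|windows   $2 = proxy value
    valid_proxy "$2" || { echo "invalid proxy value: $2" >&2; return 1; }
    case $1 in
        htaccess|httpd) printf 'SetEnv http_proxy %s\n' "$2" ;;  # Apache mod_env
        export)         printf 'export http_proxy=%s\n' "$2" ;;
        windows)        printf 'setx http_proxy %s /M\n' "$2" ;; # elevated prompt
        *)              return 2 ;;
    esac
}

# Succeeds if cp.lic is in place under the ICS server directory $1 and the
# current account can read it. Run it as the account Apache runs under.
license_ok() {
    [ -f "$1/bin/data/cp.lic" ] && [ -r "$1/bin/data/cp.lic" ]
}

proxy_line httpd "http://proxy.example.com:3128"
```
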

Moving ICS to another server

Use the following instructions to move the ICS server to another location. This location must be on the same server computer as the Apache Web server.

To move the ICS server:

1. In the new location, run the executable with the ‘reconfigure’ parameter.

For Linux servers: install.sh reconfigure

For Windows servers: install.exe reconfigure

2. If you are using Apache, add the content of the new ics-apache.conf file to the Apache Web server configuration file.

Either use the ‘include’ directive or copy the ics-apache.conf file to the folder that was automatically included by Apache during configuration.

3. If you are using Internet Information Services, restart the Web server.

Changing the protected gateway

Use the instructions in this section if you need to reconfigure ICS to protect a different gateway. The gateway must be on the same server computer as the Apache Web server.

If Virtual Host entries are set up in your Apache configuration, then you must add the first three lines (starting with ‘Rewrite’) from ics-apache.conf into every Virtual Host entry that corresponds to a portal you are going to protect with ICS.


To change the protected gateway:

1. In the new location, run the executable with the ‘portal_url’ parameter and the URL of the new portal.

For Linux servers: install.sh portal_url http://www.<your new portal url>

For Windows servers: install.exe portal_url http://www.<your new portal url>

2. If you are using Apache, add the contents of the new ics-apache.conf file to the Apache Web server configuration file.

Either use the ‘include’ directive or copy the ics-apache.conf file to the folder that was automatically included by Apache during configuration.

3. If you are using Internet Information Services, restart the Web server.
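The Virtual Host requirement stated at the start of this section can be checked mechanically once the new ics-apache.conf has been added. The script below is an added example, not part of the ICS guide; it assumes the three lines are the first three lines beginning with ‘Rewrite’ in the generated ics-apache.conf, and both configuration files in it are constructed samples rather than real ICS output.

```shell
#!/bin/sh
# Added example, not part of the ICS guide. Both config files below are
# constructed samples; the real ics-apache.conf is written by the installer.

# Print "line N: <tag>" for every <VirtualHost> block in $2 that lacks any of
# the first three Rewrite lines found in $1 (the generated ics-apache.conf).
missing_vhosts() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NR == FNR {                       # first file: collect the Rewrite lines
            if (n < 3 && $0 ~ /^[ \t]*Rewrite/) need[++n] = trim($0)
            next
        }
        tolower($0) ~ /^[ \t]*<virtualhost[ \t]/ {
            inside = 1; tag = "line " FNR ": " trim($0); split("", seen); next
        }
        tolower($0) ~ /^[ \t]*<\/virtualhost>/ {
            for (i = 1; i <= n; i++)
                if (!(need[i] in seen)) { print tag; break }
            inside = 0; next
        }
        inside { seen[trim($0)] = 1 }
    ' "$1" "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ics-apache.conf" <<'EOF'
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/portal
RewriteRule ^/portal(.*)$ /ics/check$1 [PT]
Alias /ics /opt/ics_server/bin
EOF
    cat > "$dir/httpd.conf" <<'EOF'
<VirtualHost *:80>
    ServerName portal.example.com
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/portal
    RewriteRule ^/portal(.*)$ /ics/check$1 [PT]
</VirtualHost>
<VirtualHost *:80>
    ServerName partner.example.com
    RewriteEngine On
</VirtualHost>
EOF
    missing_vhosts "$dir/ics-apache.conf" "$dir/httpd.conf"
    rm -rf "$dir"
}

demo
```

Each entry it lists should either receive the three lines or be confirmed as a Virtual Host that does not serve a portal protected by ICS.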

Relocating the Administrator Console

Use the instructions in this section to change the ICS Web location. This is the location that administrators use to access the Administrator Console.

To relocate the Administrator Console:

1. In the new location, run the executable with the ‘ics_url’ parameter and the URL of the new portal.

For Linux servers: install.sh ics_url http://www.<your new Web location URL>

For Windows servers: install.exe ics_url http://www.<your new Web location URL>

2. Add the contents of the new ics-apache.conf file to the Apache Web server configuration file.

Either use the ‘include’ directive or copy the ics-apache.conf file to the folder that was automatically included by Apache during configuration.

If Virtual Host entries are set up in your Apache configuration, then you must add the first three lines (starting with ‘Rewrite’) from ics-apache.conf into every Virtual Host entry that corresponds to a portal you are going to protect with ICS.

Where To From Here?

You have now learned the basics that you need to get started. The next step is to obtain more advanced knowledge of your Check Point software.


Check Point documentation is also available in PDF format on the Check Point CD and the Technical Support download site at: http://www.checkpoint.com/support/technical/documents

Be sure to also use the Check Point Online Help when you are working with the ICS Administrator Console.

For additional technical information about Check Point products, consult Check Point’s SecureKnowledge at: https://secureknowledge.checkpoint.com
