- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
For the gateway configured to perform HTTPS inspection, with certificate created and distributed to clients, normal traffic behaves as expected:
But when UserCheck is encountered in the rulebase, the gateway serving its VPN certificate:
Which, as it happens, was not distributed to internal hosts.
Is there a way to address it properly?
Yes, on the cluster/gateway properties under UserCheck you can enter the FQDN for UserCheck Portal and import a proper certificate matching it.
For sure FQDN must be resolvable to Cluster/Gateway IP.
Yes, on the cluster/gateway properties under UserCheck you can enter the FQDN for UserCheck Portal and import a proper certificate matching it.
For sure FQDN must be resolvable to Cluster/Gateway IP.
Just to clarify, the UserCheck portal serves it's own certificate that is not subject to HTTPS Inspection (if I recall correctly).
Thus that certificate needs to be correct/something the client is configured to accept.
It would definitely be better if we could leverage the HTTPS Inspection CA in this case
Agree with you on idea of using same cert for multiple purposes. It would actually be nice if the CA on SMS would've been a bit more functional with good front end. Some environments do not have PKI in place and could've used Check Point for this purpose.
The front end of the Internal CA is called SmartConsole
Granted, it's not meant as a full CA but for specific functionality, which could potentially be expanded.
good one
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY