Thursday, June 16, 2011

Setting up the ICA Management Tool

Solution ID: sk30501
Product: Security Gateway, Security Management
Version: NG AI R54, NG AI R55
Last Modified: 25-Dec-2008

SOLUTION

Overview of Procedures:
====================

- Setting up the ICA Management Tool connection (creating a Certificate user)
- Enabling the ICA Management Tool on the SmartCenter Server
- Importing the user Certificate to the Client
- Accessing the ICA Management Tool


PROCEDURES:
===========


Setting up ICA Management Tool Connection:
-----------------------------------------------------

1) Log into SmartDashboard, and select Manage > Users and Administrators.
2) In the Users and Administrators dialog box, select New > User by Template > Default.
3) In the User Properties dialog box > General tab, enter the user login name (e.g., John_Smith) in the Login Name field.
4) Select the Personal tab, and verify the Expiration Date is set to a valid future date (e.g., 31-dec-2008).
5) Select the Certificates tab, and click the Generate and save button.
NOTE:
A dialog box with the following message will be displayed:

Check Point SmartDashboard
The generation of the certificate for the user cannot be undone, unless you click Revoke.
Ok to continue?

6) Click OK.
7) In the Enter Password dialog box, enter the desired user password in the Password field.
8) Confirm the user password.
9) Click OK.
10) In the dialog box Save Certificate File As, select the desired location to save the Certificate file.
11) Verify the user login name (e.g., John_Smith) is displayed in the File name field.
12) Verify that "Certificate Files (*.p12)" is selected in the Save as type drop-down list.
13) Click Save.
14) On the Certificates tab, observe the information in the DN field, which should look something like this:

CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo

15) Click OK in the User Properties dialog box.
16) Click Close in the Users and Administrators dialog box.
17) Select File > Save.
18) Transfer the *.p12 file (e.g., John_Smith.p12) to the Client that is connecting to the ICA Management Tool.
NOTE:
The *.p12 file is in the directory designated in step 10.


Enabling the ICA Management Tool on the SmartCenter Server:
--------------------------------------------------------------------------

1) On the SmartCenter Server, type the following at the command prompt:
cpca_client set_mgmt_tool on -a "CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo"

NOTE 1:
The following message will be displayed before the command prompt returns:

Successfully set the management tool.
The authorized administrators:
(
: ("CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo")
)
The authorized users:
()
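
One way to audit who is authorized for the ICA Management Tool is to parse the output shown in NOTE 1 and compare it with an allowlist. This is an added example, not Check Point code; it assumes the output keeps the shape shown on this page, and the second administrator DN (temp_admin) and all function names are constructed for illustration.

```python
import re

# Constructed sample: the output shape shown on this page, plus one extra
# administrator DN (hypothetical) so the audit has something to flag.
SAMPLE_OUTPUT = '''Successfully set the management tool.
The authorized administrators:
(
: ("CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo")
: ("CN=temp_admin,OU=users,O=saturn.detroit.com.k7ekvo")
)
The authorized users:
()
'''

HEADERS = {
    "The authorized administrators:": "administrators",
    "The authorized users:": "users",
}

def normalize_dn(dn):
    """Trim whitespace around each RDN so 'CN=a, OU=b' equals 'CN=a,OU=b'."""
    return ",".join(part.strip() for part in dn.split(","))

def parse_authorized(output):
    """Return the quoted DNs listed under each 'authorized' header."""
    result = {"administrators": [], "users": []}
    section = None
    for line in output.splitlines():
        stripped = line.strip()
        if stripped in HEADERS:
            section = HEADERS[stripped]
        elif section:
            found = re.findall(r'"([^"]+)"', stripped)
            result[section] += [normalize_dn(dn) for dn in found]
    return result

def unexpected_entries(output, expected_admins, expected_users=()):
    """List every authorized DN that is not on the allowlist for its role."""
    allowed = {
        "administrators": {normalize_dn(d) for d in expected_admins},
        "users": {normalize_dn(d) for d in expected_users},
    }
    parsed = parse_authorized(output)
    return {role: [dn for dn in dns if dn not in allowed[role]]
            for role, dns in parsed.items()}

if __name__ == "__main__":
    expected = ["CN=John_Smith, OU=users, O=saturn.detroit.com.k7ekvo"]
    print(unexpected_entries(SAMPLE_OUTPUT, expected))
```

An empty list for both roles means only the expected certificate DNs can reach the tool; any other entry should be reviewed.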

NOTE 2:
Once the ICA Management Tool is started, the SmartCenter Server will be listening on TCP port 18265 (FW1_ica_mgmt_tools service).


Importing the user Certificate to the Client:
-------------------------------------------------

1) Open Internet Options from the Windows Control Panel.
2) In the Internet Options dialog box, select the Content tab.
3) On the Content tab, click the Certificates button.
4) In the Certificates dialog box, select the Personal tab.
5) Click the Import button.
6) Click Next on the Welcome to the Certificate Import Wizard dialog box.
7) In the File to Import window, browse to the location of the *.p12 (e.g., John_Smith.p12) file.
8) In the Open dialog box, verify that "Personal Information Exchange (*.pfx,*.p12)" is selected in the Files of type drop-down list.
9) Select the file *.p12 in the window.
10) Click the Open button.
11) In the File to Import dialog box, click Next.
12) In the Password dialog box, enter the user Certificate password in the Password field.
NOTE: Clear the following two boxes:

Enable strong private key protection. You will be
prompted every time the private key is used by an
application if you enable this option.

Mark the private key as exportable

13) Click Next.
14) In the Certificate Store dialog box, verify that "Automatically select the certificate store based on the type of certificate" is selected.
15) Click Next.
16) In the Completing the Certificate Import Wizard dialog box, click Finish.
NOTE:
A message similar to the following will be displayed:

Root Certificate Store
Do you want to ADD the following certificate to the Root Store?
Subject: saturn.detroit.com.k7ekvo
Issuer: Self Issued
Time Validity: Saturday, January 15, 2005 through Friday, January 10, 2025
Serial Number: 01
Thumbprint (sha1): A776E94B CC724593 7573BC8D 08622B95 6F384CD0
Thumbprint (md5): 9AE76B7E 16CE87FF 46F2AEF9 BC9FD754

17) Click Yes.

NOTE:
A window with the following message will be displayed:

Certificate Import Wizard
The import was successful.

18) Click OK.


Accessing the ICA Management Tool:
--------------------------------------------

1) Launch Internet Explorer from the Client, enter the appropriate URL, and connect to TCP port 18265 via the HTTPS protocol.
Example: https://192.168.2.100:18265

NOTE:
A dialog box with the following message will be displayed:

Client Authentication
Identification
The Web site you want to view requests identification.
Select the certificate to use when connecting.

2) Select the appropriate Certificate (e.g., John_Smith) for authenticating to the ICA Management Tool.
3) Click OK.
4) In the Security Alert dialog box, click Yes.