CheckPoint Software Endpoint Security
Connector name |
|
Connector type | Executable |
Type (UI field value) | CheckPoint Software Endpoint Security |
Target system versions supported / tested |
|
Connector status / support | Customer-Verified. Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system. |
The following Bravura Security Fabric operation is supported by the agent for Check Point (agtchkpt):
Challenge-response - generate an unlock code to recover control of a machine after reboot and set new password
The following sections show you how to:
Configure the Check Point server.
Generate users for the Check Point system.
Target the Check Point server in Bravura Security Fabric.
Preparation
Configuring the CheckPoint server
In order to reset hard-drive encryption passwords, the Bravura Security Fabric leverages the Check Point webRH (Remote Help) module. Before you can manage your hard-drive encryption passwords you must:
Install and configure the webRH module for Check Point. See the webRH documentation for instructions.
Configure a "Self-Help" user account. This is a webRH-specific account which is used by the Bravura Security Fabric to provide automated hard-drive encryption password resets. This user must also be configured to use fixed-password authentication. See the webRH documentation for instructions.
Create and deploy a profile which includes the newly created self-service user. Before self-service password reset can take place, this profile must be deployed to the target workstations. See the webRH documentation for details.
Note
The user ID and password configured above are used as the target administrator credentials when targeting the Check Point server.
Generating users for the CheckPoint server
Since the Check Point connector (agtchkpt) cannot list users, a list of users must be provided to Bravura Security Fabric. This list can either be created manually or copied from another target system.
Targeting CheckPoint
Once you have configured the Check Point server and generated users, add the Check Point server as a target system in Bravura Security Fabric:
Type is CheckPoint Software Endpoint Security.
Address uses options described in the table below.
The target system address for an installation of Pointsec for PC / Full Disk Encryption is entered as follows:
{server=<serverName>;port=<portNumber>;ssl=true|false;checkCert=true|false;Version=<versionNumber>;sdkpath=<sdkPath>;Handler=<handlerFunc>;Algorithm=AES|BLOW;ResponseLength=15|20|25|29;}
Administrator ID is the user ID you created in Configuring the Check Point server.
The full list of target parameters is explained in Target System Options.
Option | Description |
|---|---|
Options marked with a | |
Server | The IP address/domain name of the web server running CheckPoint Software Endpoint Security. (key: server) |
Port | The port number used by the CheckPoint Software Endpoint Security web service to communicate with the client. (key: port) |
Connection over SSL | Select to enforce SSL connections. Default is "true". (key: ssl) |
Validate the server’s certificate when connecting | Determines whether to validate the server’s security certificate for SSL connections. Default is "true". (key: checkCert) |
HTTP Network Proxy | Specifies a proxy URL to use for connecting. (key: proxy) |
Version | Indicates the version of CheckPoint:
|
Advanced | |
Checkpoint FDE API path | Specify the Checkpoint FDE API path if the standard is not used. Standard FDE API path is:
|
Handler function | Indicates a specific SOAP handler function. Currently, the webRH interface only supports the default handler setting, but if Check Point provides alternate handlers in the future, modifying this value may be necessary. (key: Handler) |
Encryption algorithm | Only required for Pointsec for PC. Select AES or BLOW. See your webRH documentation for help determining the value for this parameter. (key: Algorithm) |
Response length | Set to 15, 20, 25, or 29. This value is only required for Check Point Pointsec Media Encryption. See your webRH documentation for help determining the value for this parameter. (key: ResponseLength) |
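A target address string can be checked before it is saved, so that a disabled SSL or certificate-validation setting or an out-of-range value is caught at review time. The following is an added example, not Bravura Security or Check Point code: the function names and sample host are constructed, and case-insensitive key matching is an assumption.

```python
# Added example: audits a target address string for this connector.
# Key names and allowed values come from the options table on this page;
# function names and sample values are constructed for illustration.

KNOWN_KEYS = {"server", "port", "ssl", "checkcert", "proxy", "version",
              "sdkpath", "handler", "algorithm", "responselength"}
DEFAULTS = {"ssl": "true", "checkcert": "true"}  # defaults stated in the table


def parse_address(address):
    """Split '{key=value;key=value;}' into a dict with lower-cased keys."""
    text = address.strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("address must be wrapped in { }")
    options = {}
    for pair in text[1:-1].split(";"):
        if not pair.strip():
            continue  # tolerate the trailing ';' before '}'
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"missing '=' in {pair!r}")
        # Assumption: keys are matched case-insensitively.
        options[key.strip().lower()] = value.strip()
    return options


def audit_address(address):
    """Return a list of findings; an empty list means nothing was flagged."""
    opts = {**DEFAULTS, **parse_address(address)}
    findings = [f"unknown key: {k}" for k in sorted(set(opts) - KNOWN_KEYS)]
    port = opts.get("port")
    if port is not None and not (port.isdecimal() and 0 < int(port) < 65536):
        findings.append("port must be a number in 1-65535")
    for key in ("ssl", "checkcert"):
        if opts[key] not in ("true", "false"):
            findings.append(f"{key} must be true or false")
    if opts["ssl"] == "false":
        findings.append("ssl=false: connection to the web service is not encrypted")
    elif opts["checkcert"] == "false":
        findings.append("checkCert=false: server certificate is not validated")
    if "algorithm" in opts and opts["algorithm"] not in ("AES", "BLOW"):
        findings.append("Algorithm must be AES or BLOW")
    if "responselength" in opts and opts["responselength"] not in ("15", "20", "25", "29"):
        findings.append("ResponseLength must be 15, 20, 25 or 29")
    return findings
```
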
