Solution Overview of Procedures: ==================== Setting up the ICA Management Tool connection (creating a Certificate user) Enabling the

ICA Management Tool on the SmartCenter Server Importing the user Certificate to the Client Accessing the ICA Management Tool

PROCEDURES: =========== Setting up ICA Management Tool Connection: ----------------------------------------------------1) Log into SmartDashboard, and select Manage > Users and Administrators. 2) In the Users and Administrators dialog box, select New > User by Template > D efault. 3) in the User Properties dialog box > General tab, enter the user login name (e .g., John_Smith) in the Login Name field. 4) Select the Personal tab, and verify the Expiration Date is set to a valid fut ure date (e.g., 31-dec-2008). 5) Select the Certificates tab, and click the Generate and save button. NOTE: A dialog box with the following message will be displayed: Check Point SmartDashboard The generation of the certificate for the user cannot be undone, unless you clic k Revoke. Ok to continue? 6) Click OK. 7) In the Enter Password dialog box, enter the desired user password in the Pass word field. 8) Confirm the user password. 9) Click OK. 10) In the dialog box Save Certificate File As, select the desired location to s ave the Certificate file. 11) Verify the user login name (e.g., John_Smith) is displayed in the File name field. 12) Verify that "Certificate Files (*.p12)" is selected in the Save as type drop -down list. 13) Click Save. 14) On the Certificates tab, observe the information in the DN field, which shou ld look something like this: CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo15) Click OK in the User Prope rties dialog box. 16) Click Close in the Users and Administrators dialog box. 17) Select File > Save. 18) Transfer the *.p12 file (e.g. (e.g., John_Smith.p12) to the Client that is c onnecting to the ICA Management Tool. NOTE: The *.p12 file is in the directory designated in step 10. Enabling the ICA Management Tool on the SmartCenter Server: --------------------------------------------------------------------------

1. On the SmartCenter Server, type at prompt: cpca_client set_mgmt_tool on -a "CN=John_Smith,OU=users,O=saturn.detroit.com.k7e kvo" NOTE 1: The following message will be displayed before the command prompt returns: Successfully set the management tool. The authorized administrators: ( : ("CN=John_Smith,OU=users,O=saturn.detroit.com.k7ekvo") ) The authorized users: () Note 2: Once the ICA Management Tool is started, the SmartCenter Server will be listenin g on TCP port 18265 (FW1_ica_mgmt_tools service).Importing the user Certificate to the Client: ------------------------------------------------1) Open Internet Options from the Windows Control Panel. 2) In the Internet Options dialog box, select the Content tab. 3) On the Content tab, click the Certificates button. 4) In the Certificates dialog box, select the Personal tab. 5) Click the Import button. 6) Click Next on the Welcome to the Certificate Import Wizard dialog box. 7) In the File to Import Window, browse to the the location of the *.p12 (e.g., John_Smith.p12) file. 8) In the Open dialog box, verify that "Personal Information Exchange (*.pfx,*.p 12)" is selected in the Files of type drop-down list. 9) Select the file *.p12 in the window. 10) Click the Open button. 11) In the File to Import dialog box, click Next. 12) In the Password dialog box, enter the user Certificate password in the Passw ord field. NOTE: Clear the following two boxes: Enable strong private key protection. You will be prompted every time the private key is used by an application if you enable this option. Mark the private key as exportable 13) Click Next. 14) In the Certificate Store dialog box, verify that "Automatically select the c ertificate store based on the type of certificate" is selected. 15) Click Next. 16) In the Completing the Certificate Import Wizard dialog box, click Finish. NOTE: A message similar to the following will be displayed: Root Certificate Store Do you want to ADD the following certificate to the Root Store? Subject: saturn.detroit.com.k7ekvo Issuer: Self Issued Time Validity: Saturday, January 15, 2005 through Friday, January 10, 2025 Serial Number: 01 Thumbprint (sha1): A776E94B CC724593 7573BC8D 08622B95 6F384CD0

Thumbprint (md5): 9AE76B7E 16CE87FF 46F2AEF9 BC9FD754 17) Click Yes. NOTE: A window with the following message will be displayed: Certificate Import Wizard The import was successful. 18) Click OK.Accessing the ICA Management Tool: -------------------------------------------1) Launch Internet Explorer from the Client, enter the appropriate URL, and conn ect to TCP port 18265 via the HTTPS protocol. Example: https://192.168.2.100:18265 NOTE: A dialog box with the following message will be displayed: Client Authentication Identification The Web site you want to view requests identification. Select the certificate to use when connecting. 2) he 3) 4) Select the appropriate Certificate (e.g., John_Smith) for authenticating to t ICA Management Tool. Click OK. In the Security Alert dialog box, click Yes.

You should now have access to the Internal CA Management Tool.