Integrity Clientless Security: Getting Started Guide


Integrity Clientless Security

Getting Started Guide


Version 4.1

1-0NNN-0410-2006-11-06 (EA)
© 2006 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their
use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by
any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book,
Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change
without notice.

TRADEMARKS:

© 2006 Check Point Software Technologies Ltd.

All rights reserved. Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL,
Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, FireWall-1, FireWall-1 GX, FireWall-1
SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension,
OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform,
SecuRemote, SecurServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security,
SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter,
SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, TrueVector, UAM, User-to-Address Mapping, UserAuthority,
VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX,
Web Intelligence, ZoneAlarm, Zone Alarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check
Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of
their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726 and
6,496,935 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Contents

Chapter 1 Integrity Clientless Security 4.1
  Welcome
  In This Guide
  Integrity Clientless Security 4.1 Documentation

Chapter 2 Introduction
  Overview
  Product CD-ROMs
  For New Check Point Customers
  What’s New in ICS 4.1
    Support For Microsoft Internet Information Services (IIS)
    Linux and Macintosh support
    Enhanced Antivirus Applications Support
    Enhanced Firewall Applications Support
    Redesigned Scanner Policy Configuration
    Secure Workspace Policy Configuration
    Secure Workspace Bypass Option
    Enhanced Reporting Database Performance
    Filtering
    Improved Anti-keylogger Reporting

Chapter 3 Getting Started
  ICS Terminology
  Prerequisites
  Systems Requirements
    Server Requirements
    Endpoint Requirements
    Other Prerequisites

Chapter 4 Installing and Reconfiguring ICS
  Installation Process for Apache
  Installation Process for Internet Information Services (IIS)
  Upgrade Installation Process
  Uninstallation Process
  Reconfiguration Processes
    Configuring ICS to receive software updates
    Moving ICS to another server
    Changing the protected gateway
    Relocating the Administrator Console

Chapter 1
Integrity Clientless Security 4.1

This chapter contains the following topics:


• Welcome
• In This Guide
• Integrity Clientless Security 4.1 Documentation

Welcome
Thank you for choosing Check Point’s Integrity Clientless Security. We hope that you will be
satisfied with this solution and our support services. Check Point products provide your
business with the most up-to-date and secure solutions available today.
Check Point also delivers worldwide technical services including educational, professional
and support services through a network of Authorized Training Centers, Certified Support
Partners and Check Point technical support personnel to ensure that you get the most out of
your security investment.
In order to extend your organization’s growing security infrastructure and requirements, we
recommend that you consider adopting the OPSEC platform (Open Platform for Security).
OPSEC is the industry's open, multi-vendor security framework, which has over 350 partners
and the largest selection of best-of-breed integrated applications and deployment platforms.
For additional information on Integrity Clientless Security and other security solutions, refer
to: http://www.checkpoint.com or call Check Point at 1(800) 829-8391. For additional
technical information, refer to: http://support.checkpoint.com.
Welcome to the Check Point family. We look forward to meeting all of your current and future
network, application and management security needs.

In This Guide
This guide provides a brief overview of the Integrity Clientless Security application and
installation procedures.

Integrity Clientless Security 4.1 Documentation


Technical documentation is available on your Integrity Clientless Security 4.1 CD-ROM at:
cd_path_here. These documents can also be found at:
http://www.checkpoint.com/support/technical/documents.
To find out about what's new in ICS 4.1, read the ICS 4.1 Release Notes.
For information on upgrading your current Check Point deployment, refer to the ICS
Administration Guide.

Chapter 2
Introduction

This chapter contains the following topics:


• Overview
• Product CD-ROMs
• For New Check Point Customers
• What’s New in ICS 4.1

Overview
ICS is a Check Point product that provides unmanaged endpoints with protected, secure
access to your network. ICS provides fully integrated and centrally managed spyware
blocking, complete session confidentiality, and comprehensive security policy enforcement.
ICS 4.1 provides support for Windows, Linux, and Macintosh endpoints, allows use of a wider
range of Antivirus and firewall applications, and provides an enhanced Secure Workspace
application for endpoint computers.

Product CD-ROMs
The NGX R62 media pack contains the following [nn] CD-ROMs:

Table 2-1: CD1: In the Linux Directory


Linux Package Contains...

For New Check Point Customers


New Check Point customers can access the Check Point User Center in order to:
• Manage users and accounts
• Activate products
• Get support offers
• Open service requests
• Search the Technical Knowledge Base
To access the Check Point User Center, go to:
https://usercenter.checkpoint.com/pub/usercenter/get_started.html

What’s New in ICS 4.1


The following section provides an overview of NGX R62 product enhancements.

Support For Microsoft Internet Information Services (IIS)

Integrity Clientless Security 4.1 now supports Microsoft IIS 5.0 and 6.0 Web servers.

Linux and Macintosh support


Linux and Macintosh endpoints are now supported by ICS, with the following exceptions:
• No support for malware scans on Linux or Macintosh endpoints.
• No support for antivirus checks on Macintosh endpoints.

Enhanced Antivirus Applications Support


ICS supports the following antivirus applications:
• Kaspersky Antivirus for Linux
• avast! Linux Home Edition for Linux
• F-Secure Antivirus for Windows
• Panda Anti-Virus for Windows
• SOFTWIN BitDefender Antivirus for Windows
• Zone Labs ZoneAlarm with Antivirus for Windows
• AVG Antivirus Free Edition for Windows
• Alwit Avast! Antivirus for Windows
• NOD32 Antivirus for Windows
• AVG Antivirus Free Edition for Linux

Enhanced Firewall Applications Support


ICS supports the following firewall applications:
• Check Point Integrity Linux Agent for Linux
• Redhat Linux built-in firewall for Linux
• Mac OSX/Tiger built-in firewall for Macintosh
• McAfee Personal Firewall for Windows
• Computer Associates EZ Firewall for Windows
• Windows XP Firewall for Windows
• BlackICE PC Protection (BlackICE Defender) for Windows
• Kerio Firewall for Windows
• Outpost Personal Firewall for Windows
• Norton Personal Firewall for Windows

Redesigned Scanner Policy Configuration


Policy configuration usability and performance have been improved. Policies are now
configured locally in the administrator’s browser. A new Save Configuration button allows you to
save the policy to the ICS server and applies all changes to ICS.

Secure Workspace Policy Configuration


A personal firewall feature is now available in Secure Workspace. It allows the ICS
administrator to restrict Web sites that an endpoint can access during the session. You can
use this feature to isolate an endpoint from the rest of a network and grant access only to the
secured gateway.

Secure Workspace Bypass Option


You can now allow selected endpoint computers to bypass Secure Workspace, even if Secure
Workspace is required by your security policy.

Enhanced Reporting Database Performance


Reporting database performance was significantly improved. ICS now supports up to
100,000 scans in a single database. The reporting database can now be extended up to 1Gb
in size.

Filtering
ICS Reports pages now provide filtering capabilities.

Improved Anti-keylogger Reporting


The Anti-keylogger Report page now provides filtering and search capabilities. The report
page layout was redesigned to be more user-friendly.

Chapter 3
Getting Started

This chapter contains the following topics:


• Prerequisites
• Systems Requirements
   ◦ Server Requirements
   ◦ Endpoint Requirements
   ◦ Other Prerequisites

ICS Terminology
[Reviewers: please feel free to suggest any terms that should be defined here.]

Prerequisites
Before you begin, make sure your system meets the following requirements:
• Your gateway must be set up and functioning normally, and users must be able to connect
  to your gateway.
• You must have CGI scripts turned on.

Systems Requirements
This section outlines the server and endpoint computer requirements and other prerequisites.

Server Requirements

Linux Requirements
• Linux Kernel 2.4
   ◦ Debian GNU/Linux 3.1
   ◦ Fedora Core 4
   ◦ Novell Linux Desktop 9.1
• Intel x86 32-bit compatible processor
• CPU 400 MHz Pentium II
• RAM 64 Mb
• 20 Mb of available hard-disk space
• Apache 1.3, 2.0, or later, with the following modules enabled:
   ◦ mod_cgi
   ◦ mod_rewrite
   ◦ mod_auth (1.3 and 2.0 only)
   ◦ mod_auth_basic (2.2 and later only)
   ◦ mod_authn_file (2.2 and later only)

Windows Requirements
• Windows 2000 Server or Windows 2003 Server
• Intel x86 32-bit compatible processor
• 400 MHz Pentium II
• RAM 256 Mb
• 20 Mb of available hard-disk space
• One of the following Web servers:
   ◦ Apache 1.3, 2.0, or later with the following modules enabled:
      ▪ mod_cgi
      ▪ mod_rewrite
      ▪ mod_auth (1.3 and 2.0 only)
      ▪ mod_auth_basic (2.2 and later only)
      ▪ mod_authn_file (2.2 and later only)
   ◦ Microsoft Internet Information Services (IIS) 5.0 or 6.0

Administrator Client Requirements


• Internet Explorer 6.0 or later configured to allow cookies, run ActiveX components or Sun
  Java applets enabled or Microsoft Java VM enabled.
• Mozilla Firefox 1.5 or later configured to allow cookies and Sun Java applets support
  enabled.

Java applet caching must be disabled.

Endpoint Requirements
For endpoint computers to be successfully serviced by Integrity Clientless Security, they must
meet the endpoint requirements outlined in this section. When a user tries to access your
gateway without the proper browser or settings, an error message is displayed detailing the
browser requirements. You can choose to allow access for endpoint computers that do not
meet your requirements; however, those computers will not be serviced by ICS.

Supported Operating Systems


For information about allowing access for endpoint computers that are running unsupported
operating systems see “Configuring ICS to fail open,” on page 23.

For Integrity Security Scanner:
• Windows 98/ME
• Windows NT4 SP6
• Windows 2000
• Windows XP
• Mac OS X (spyware and AV detection not supported)
• Linux based on kernel 2.4 (spyware detection not supported)

For Integrity Secure Workspace:
• Windows 2000
• Windows XP

For Advanced Anti-Keylogging:
• Windows 2000
• Windows XP

Supported Browsers
• Internet Explorer 5.5 or later configured to allow cookies, run ActiveX components or Sun
  Java applets enabled or Microsoft Java VM enabled.
• Mozilla Firefox 1.0 or later configured to allow cookies and Sun Java applets support
  enabled
• Netscape Navigator 8.0 or later configured to allow cookies and Sun Java applets support
  enabled
• Firefox 1.0.4 or later configured to allow cookies and Sun Java applets support enabled
  (Linux only)
• Konqueror browser (latest version available for distribution; Linux only)
• Safari browser configured to allow cookies and Sun Java applets support enabled
  (Macintosh only)

Java applet caching must be disabled.

Java Requirements
ICS supports two Java implementations. Endpoint computers must have one of the following
to be serviced by ICS:
• Microsoft JVM version 5.5.3810.0 or higher
• Sun JRE version 1.4.2 or higher

Integrity Security Scanner cannot scan endpoint computers running Java Runtime
Environment versions 1.4.2_07 through 1.4.2_10 with Firefox or Netscape Web
browsers.

Other Prerequisites
Before installing ICS, you must already have configured the Web site you are going to protect.
You should perform tests to make sure that your users have access to the Web site. It is
important to make sure that your users already have access to the Web site before you begin
to implement ICS.
The ICS server software must be installed on the same physical server computer as the Web
server. For Windows gateway servers, ensure that your server machine name does not include
the “_” character. If your gateway server has a “_” character in its name, Internet Explorer
browsers will not process cookies sent from that server.
If you will need a new authorization account for ICS administration, you need to make sure
the appropriate utilities are accessible.
It is recommended that you configure your Web server so that ICS administration pages are
only accessible using the HTTPS protocol.

Chapter 4
Installing and Reconfiguring ICS

This chapter contains the following topics:


• Installation Process for Apache
• Installation Process for Internet Information Services (IIS)
• Upgrade Installation Process
• Uninstallation Process
• Reconfiguration Processes
• Where To From Here?

Installation Process for Apache


Use the following instructions to install your ICS Server on Apache HTTP Web server.

To install ICS on Apache HTTP Server:


1. Extract the files.
   Extract the appropriate file to a dedicated ICS folder on the same server as the gateway
   you are going to protect. This folder must be accessible to the Apache server with
   read/write permissions. The ics_server sub-folder will be created automatically.
   ◦ For Windows, use ics_4.1.zip
   ◦ For Linux, use ics_4.1.tgz
2. Change directories to ics_server/bin/ and execute the appropriate installation script:
   ◦ ics_server/bin/install.sh for Linux servers
   ◦ ics_server/bin/install.exe for Windows servers
3. Follow the installation instructions.
   When prompted, provide:

   ◦ The full URL to the gateway you want to protect, in the form of
     http://server:port/path_to_gateway.
   ◦ The full URL to the ICS Web location, in the form of http://server:port/path. The
     server name or IP should be the same as for the gateway. Be sure to make note of the
     location you specify here. You will later use this URL to access the Administrator
     Console.
   These URLs may be entered as command line parameters if you are running the install
   script from a batch file. The command line for the installation script has the following form:
   install.sh | install.exe [portal_url URL] [ics_url URL]
   where portal_url and ics_url are the parameter names and URL is the required form of the
   corresponding URL.
4. Set your password.
   The default authorization for the ICS configuration scripts is saved in the
   ics_server/bin/data/.htpasswd file. You should change the username and password in this
   file as soon as possible, using the appropriate utility to manage password files. The
   installation default for both the username and the password is icsadm (icsadm/icsadm).
5. Add the contents of ics_server/ics-apache.conf to your Apache Web server configuration
   file (usually httpd.conf).
   Either use the include directive or copy the ics-apache.conf file to the folder that was
   automatically included by Apache during configuration.

If Virtual Host entries are set up in your Apache configuration, then you must add
the first three lines (starting with ‘Rewrite’) from ics-apache.conf into every Virtual
Host entry that corresponds to a portal you are going to protect with ICS.

6. Restart the Apache server to apply the ICS settings.
   On Linux servers, use the appropriate command. For example: /etc/init.d/httpd restart.
   On Windows servers, use the Apache administration console or restart the service
   manually using the list of system services.

If you install more than one ICS server on a single Apache server, you must modify
the ics-apache.conf files generated by the installers. The check-prg identifier in the line

RewriteMap check-prg prg:/path/to/filter

must be unique for each ICS server. For example, check-prg1, check-prg2, and check-prg3.

You must use the same identifier within the same file, in the line

RewriteRule ^(/path/to/portal.*)$ ${check-prg:%{HTTP_COOKIE}}$1?%{QUERY_STRING} [NE,L]

If you do not do this, the settings you configure on the additional ICS servers will not
take effect.
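
The following check is an added example, not part of the Check Point guide or the ICS product: a Python script that reads the ics-apache.conf file of each ICS server on one Apache server and reports identifiers that are shared between files, or that a RewriteRule uses without the same file defining them. The install roots, portal paths and filter paths in the sample data are constructed, and only the two line forms quoted above are assumed.

```python
"""Audit ics-apache.conf files from several ICS servers on one Apache server.

Added example, not Check Point code. It checks the two lines the guide quotes:
  RewriteMap <id> prg:/path/to/filter
  RewriteRule ^(/path/to/portal.*)$ ${<id>:%{HTTP_COOKIE}}$1?%{QUERY_STRING} [NE,L]
"""
import re
import sys
from collections import defaultdict

# "RewriteMap <identifier> prg:<filter path>"
MAP_RE = re.compile(r"^\s*RewriteMap\s+(\S+)\s+prg:(\S+)", re.IGNORECASE)
# First "${<identifier>:" lookup on a RewriteRule line
RULE_RE = re.compile(r"^\s*RewriteRule\s.*?\$\{([^:}\s]+):", re.IGNORECASE)


def parse_ics_conf(text):
    """Return (maps, lookups) for one file: maps is {identifier: filter path},
    lookups lists the identifiers that RewriteRule lines reference."""
    maps, lookups = {}, []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):      # skip Apache comments
            continue
        m = MAP_RE.match(line)
        if m:
            maps[m.group(1)] = m.group(2)
            continue
        r = RULE_RE.match(line)
        if r:
            lookups.append(r.group(1))
    return maps, lookups


def audit(confs):
    """confs maps a label (one per ICS server) to that server's ics-apache.conf
    text. Returns a sorted list of findings; an empty list means every file
    uses its own identifier consistently."""
    findings = []
    owners = defaultdict(list)                 # identifier -> labels defining it
    for label, text in confs.items():
        maps, lookups = parse_ics_conf(text)
        if not maps:
            findings.append(f"{label}: no 'RewriteMap <id> prg:' line found")
        for ident in maps:
            owners[ident].append(label)
        for ident in lookups:
            if ident not in maps:
                findings.append(
                    f"{label}: RewriteRule uses '{ident}' but this file "
                    f"defines {sorted(maps)}")
    for ident, labels in owners.items():
        if len(labels) > 1:
            findings.append(
                f"identifier '{ident}' is shared by: {', '.join(labels)}")
    return sorted(findings)


def sample_conf(map_id, rule_id, root, portal):
    """Build a constructed two-line ics-apache.conf body for the demo."""
    return (
        "RewriteMap " + map_id + " prg:" + root + "/ics_server/bin/filter\n"
        + "RewriteRule ^(" + portal + ".*)$ ${" + rule_id
        + ":%{HTTP_COOKIE}}$1?%{QUERY_STRING} [NE,L]\n"
    )


# Constructed sample data: three ICS servers installed on one Apache server.
BROKEN = {
    "ics_a": sample_conf("check-prg", "check-prg", "/opt/ics_a", "/portal_a"),
    "ics_b": sample_conf("check-prg", "check-prg", "/opt/ics_b", "/portal_b"),
    # Map renamed, but the rule still points at the old identifier.
    "ics_c": sample_conf("check-prg3", "check-prg", "/opt/ics_c", "/portal_c"),
}
FIXED = {
    "ics_a": sample_conf("check-prg1", "check-prg1", "/opt/ics_a", "/portal_a"),
    "ics_b": sample_conf("check-prg2", "check-prg2", "/opt/ics_b", "/portal_b"),
    "ics_c": sample_conf("check-prg3", "check-prg3", "/opt/ics_c", "/portal_c"),
}

if __name__ == "__main__":
    # With arguments: audit the named ics-apache.conf files. Without: run the demo.
    if len(sys.argv) > 1:
        confs = {}
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8", errors="replace") as fh:
                confs[path] = fh.read()
    else:
        confs = BROKEN
    for finding in audit(confs) or ["OK: identifiers are unique and consistent"]:
        print(finding)
```

Run it with the paths of all generated ics-apache.conf files as arguments before restarting Apache; with no arguments it audits the constructed sample.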

Installation Process for Internet Information Services (IIS)

Use the following instructions to install your ICS Server on Microsoft Internet Information
Services (IIS) Web server.

To install ICS on Microsoft Internet Information Services (IIS):


1. Extract the files.
   Extract the files in ics_4.1.zip to a dedicated ICS folder on the same server as the
   gateway you are going to protect. This folder must be accessible to the IIS server with
   read/write permissions. The ics_server sub-folder will be created automatically.
2. Create a new virtual directory for your Web site in Internet Information Services using the
   IIS Manager, with the following options:
   ◦ Specify a short name (or alias) for the virtual directory. This alias should be used
     during ICS installation to define the path to the ICS server.
   ◦ Set the ics_server directory as the Web Site Content Directory.
   ◦ Select the Execute option for the ics_server/bin sub-directory to allow Internet
     Information Services to execute ICS CGI scripts.
3. Change directories to ics_server/bin/ and execute the ics_server/bin/install.exe
   installation application.

Perform this step using cmd.exe; do not perform it from the Windows GUI.

4. Follow the installation instructions.
   When prompted, provide:
   ◦ The full URL to the gateway you want to protect, in the form of
     http://server:port/path_to_gateway.
   ◦ The full URL to the ICS Web location, in the form of http://server:port/path. The
     server name or IP should be the same as for the gateway. Be sure to make note of the
     location you specify here. You will later use this URL to access the Administrator
     Console.
   These URLs may be entered as command line parameters if you are running the install
   script from a batch file. The command line for the installation script has the following form:
   install.sh | install.exe [portal_url URL] [ics_url URL]
   where portal_url and ics_url are the parameter names and URL is the required form of the
   corresponding URL.
5. In IIS Manager, add ics_filter.dll to the list of ISAPI filters by performing the following
   tasks:
   a. Add the filter ics_server/bin/ics_filter.dll.
   b. Assign a name (for example, ICSFilter) to the filter.

6. Grant read/write permissions for the ics_server\bin\data directory to the following IIS
   accounts:
   ◦ Account responsible for CGI applications
   ◦ Administrator account that you want to make responsible for the ICS portal.
   This step allows ICS CGI scripts to access the \bin\data directory.
7. Grant write permissions for the ics_server\components directory to the following IIS
   accounts:
   ◦ Account responsible for CGI applications
   ◦ Administrator account that you want to make responsible for the ICS portal.
   This step allows ICS CGI scripts to access the \components directory.
8. Establish authentication so that only the administrator account responsible for the ICS
   portal has Read and Execute permissions for the following CGI scripts and HTML pages:
   ◦ /bin/ctool.cgi
   ◦ /bin/report.cgi
   ◦ /ctool/ctoolx.html
   ◦ /ctool/swsx.html
   Anonymous access should be disabled for these CGI scripts and HTML pages.
9. If you are running Internet Information Services version 6.0 only, perform the following
   steps:
   a. Add ICS4 as a new Web Service Extension, and set the following Web extension
      permissions to allowed:
      ◦ \bin\ctool.cgi
      ◦ \bin\report.cgi
      ◦ \bin\translator.cgi
      ◦ \bin\ics_filter.dll
   b. Enable the .tpl file extension with a MIME type of text/plain for your Web site in IIS
      Manager.
10. Restart the Internet Information Services server to apply the ICS settings.

Upgrade Installation Process


Use the following instructions to upgrade an older version of ICS to the current release
version.

To upgrade ICS from release 4.0 or 4.0 HFA1 to the current release version
1. Stop your Web server application.
2. Stop all running instances of the report.cgi application.
3. Remove the ISAPI filter for ICS from your Web Site properties (IIS only).
4. Copy policy.xml from /bin/data to a temporary directory.
5. Extract the files to the directory where you want to install ICS.
6. Install the current version of ICS, using the appropriate instructions for your Web server
   application:
   ◦ For Apache installation instructions, see “Installation Process for Apache,” on page 19.
   ◦ For Internet Information Services, see “Installation Process for Internet Information
     Services (IIS),” on page 21.
7. Copy policy.xml from the temporary directory to /bin/data.
8. Change directories to ics_server/bin and perform the appropriate command for your
   operating system:
   ◦ Linux: db_upgrade.sh
   ◦ Windows: report.cgi convert
   This step updates the scan reporting database report.db. This process may last up to
   several hours, depending on your server hardware and the size of the report database.

To upgrade ICS from release 3.7 to the current release version


1. Stop your Web server application.
2. Remove the ISAPI filter for ICS from your Web Site properties (IIS only).
3. Copy the enforcement_rules.xml file from /sre/data to a temporary directory.
4. Change directories to the ICS 3.7 server location and run the command:
   uninstall.sre.bat
   This uninstalls the ICS 3.7 application.
5. Extract the installation files to the directory where you want to install ICS 4.1.
6. Install the current version of ICS, using the appropriate instructions for your Web server
   application:
   ◦ For Apache installation instructions, see “Installation Process for Apache,” on page 19.

   ◦ For Internet Information Services, see “Installation Process for Internet Information
     Services (IIS),” on page 21.

The protected gateway URL must be the same as the one protected by the ICS 3.7
installation.

7. Move the enforcement_rules.xml file from the temporary directory where you saved it to
the ics_server/ctool directory.
This step does not migrate anti-spyware rules; you must recreate them in the
Administrator console.
8. Open the ICS Administrator console.
You will receive a message stating that the old policy has been found and that it will be
migrated.
9. Perform the following steps:
a. Open the Policy Manager page and check that your saved policies have been copied
over correctly.
Due to restrictions in the Custom Rules format in ICS 4.1 (such as file path and
registry format), some rules that were valid in ICS 3.7 may be invalid in ICS 4.1. If
you created your own enforcement rules in ICS 3.7 and imported them into ICS 4.1,
those rules must be recreated and saved in the ICS 4.1 Enforcement Rules page.
b. Click Gateway Configuration, then click Save Configuration.
c. Close the ICS Administrator console.
d. Change directories to ics_server/ctool and remove the enforcement_rules.xml file.

Uninstallation Process
Use the following instructions to uninstall ICS.

To uninstall ICS
1. Stop the Web server.
2. Stop all running instances of report.cgi.
3. If you are running Apache Web server, remove the ics-apache.conf configuration from
   the Apache configuration (from httpd.conf or automatically included subfolders).
4. If you are running Microsoft IIS, perform the following steps:
   a. Remove the Virtual Directory which you created for ICS.
   b. Remove ics_filter.dll from the ISAPI filters for your Web server.
   c. Remove the Web Service Extension which you created for ICS (for IIS 6.0 only).

   d. Remove the .tpl file extension MIME type which you created for ICS (for IIS 6.0 only).
5. Delete the ics_server folder.
6. Restart the Web server.

Reconfiguration Processes
If needed, you can use parameters to reconfigure ICS after the initial installation. Use the
reconfiguration parameters to:
• Configure ICS to receive software updates. “Configuring ICS to receive software
  updates,” on page 25.
• Move ICS to another server. “Moving ICS to another server,” on page 26.
• Change the protected gateway. “Changing the protected gateway,” on page 26.
• Relocate the Administrator Console. “Relocating the Administrator Console,” on page 27.

Configuring ICS to receive software updates


To configure ICS to receive software updates, you must:
• Download a license file for ICS.
• Set the http_proxy variable.

Downloading a license file for ICS


ICS requires a valid license file in order to download software updates.

To download a license file


1. Sign up for a Check Point User Center account at https://usercenter.checkpoint.com.
You will be provided a user ID and password. Please save them for future reference.
2. In the Check Point User Center, activate your ICS product.
The User Center generates a unique license file cp.lic.
3. Download the cp.lic license file from the Check Point User Center and save it to:
<ics_server>/bin/data/cp.lic

4. Ensure that the Apache Web server has read permission for cp.lic.

Setting the http_proxy variable


The ICS server requires access to the Internet for software updates. ICS includes the CURL
library for external HTTP communication. If you use a proxy server for Internet access, you
must set the http_proxy environment variable.

To set the http_proxy environment variable


1. Get the name and port number of the proxy server.
You will need this information for the http_proxy variable.
2. Define the variable by using one of the following methods:
   ◦ Define http_proxy in the .htaccess file in the /ics_server/bin folder.
   ◦ Define http_proxy in the httpd.conf configuration file for the Apache server.
   ◦ Export the definition as a global environment variable.
   ◦ Define http_proxy in the Environment Variables (Windows only).

Moving ICS to another server


Use the following instructions to move ICS server to another location. This location must be
on the same server computer as the Apache Web server.

To move the ICS server:


1. In the new location, run the executable with the ‘reconfigure’ parameter.
   ◦ install.sh reconfigure for Linux servers
   ◦ install.exe reconfigure for Windows servers
2. If you are using Apache, add the content of the new ics-apache.conf file to the Apache
Web server configuration file.
Either use the ‘include’ directive or copy the ics-apache.conf file to the folder that was
automatically included by Apache during configuration.

If Virtual Host entries are set up in your Apache configuration, then you must add
the first three lines (starting with ‘Rewrite’) from ics-apache.conf into every Virtual
Host entry that corresponds to a portal you are going to protect with ICS.

3. If you are using Internet Information Services, restart the Web server.

Changing the protected gateway


Use the instructions in this section if you need to reconfigure ICS to protect a different
gateway. The gateway must be on the same server computer as the Apache Web server.

To change the protected gateway:


1. In the new location, run the executable with the ‘portal_url’ parameter and the URL of
   the new portal.
   ◦ install.sh portal_url http://www.<your new portal url> for Linux servers
   ◦ install.exe portal_url http://www.<your new portal url> for Windows servers

2. If you are using Apache, add the contents of the new ics-apache.conf file to the Apache
Web server configuration file.
Either use the ‘include’ directive or copy the ics-apache.conf file to the folder that was
automatically included by Apache during configuration.

If Virtual Host entries are set up in your Apache configuration, then you must add
the first three lines (starting with ‘Rewrite’) from ics-apache.conf into every Virtual
Host entry that corresponds to a portal you are going to protect with ICS.

3. If you are using Internet Information Services, restart the Web server.

Relocating the Administrator Console


Use the instructions in this section to change the ICS Web location. This is the location that
administrators use to access the Administrator Console.

To relocate the Administrator Console:


1. In the new location, run the executable with the ‘ics_url’ parameter and the URL of the
   new portal.
   ◦ install.sh ics_url http://www.<your new Web location URL> for Linux servers
   ◦ install.exe ics_url http://www.<your new Web location URL> for Windows servers
2. Add the contents of the new ics-apache.conf file to the Apache Web server configuration
file.
Either use the ‘include’ directive or copy the ics-apache.conf file to the folder that was
automatically included by Apache during configuration.

If Virtual Host entries are set up in your Apache configuration, then you must add
the first three lines (starting with ‘Rewrite’) from ics-apache.conf into every Virtual
Host entry that corresponds to a portal you are going to protect with ICS.

Where To From Here?


You have now learned the basics that you need to get started. The next step is to obtain more
advanced knowledge of your Check Point software.

Check Point documentation is also available in PDF format on the Check Point CD and the
Technical Support download site at:
http://www.checkpoint.com/support/technical/documents
Be sure to also use the Check Point Online Help when you are working with the ICS
Administrator Console.
For additional technical information about Check Point products, consult Check Point’s
SecureKnowledge at:
https://secureknowledge.checkpoint.com
