User Manual Part 2
Table Of Contents
- Using SmartDefense
- Using Antivirus and Antispam Filtering
- Overview
- Using VStream Antivirus
- Using VStream Antispam
- How VStream Antispam Works
- Header Marking
- Default Antispam Policy
- Enabling/Disabling VStream Antispam
- Viewing VStream Antispam Statistics
- Configuring the Content Based Antispam Engine
- Configuring the Block List Engine
- Configuring the IP Reputation Engine
- Configuring the VStream Antispam Policy
- Configuring the Safe Sender List
- Configuring VStream Antispam Advanced Settings
- Using Centralized Email Filtering
- Using Web Content Filtering
- Updating the Firmware
- Using Subscription Services
- Working With VPNs
- Overview
- Setting Up Your Safe@Office Appliance as a VPN Server
- Adding and Editing VPN Sites
- Viewing and Deleting VPN Sites
- Enabling/Disabling a VPN Site
- Logging in to a Remote Access VPN Site
- Logging Out of a Remote Access VPN Site
- Using Certificates
- Viewing VPN Tunnels
- Viewing IKE Traces for VPN Connections
- Viewing VPN Topology
- Managing Users
- Using Remote Desktop
- Controlling the Appliance via the Command Line
- Maintenance
- Viewing Firmware Status
- Upgrading Your Software Product
- Configuring a Gateway Hostname
- Configuring Syslog Logging
- Configuring HTTPS
- Configuring SNMP
- Setting the Time on the Appliance
- Using Diagnostic Tools
- Backing Up and Restoring the Safe@Office Appliance Configuration
- Using Rapid Deployment
- Resetting the Safe@Office Appliance to Defaults
- Running Diagnostics
- Rebooting the Safe@Office Appliance
- Using Network Printers
- Troubleshooting
- Specifications
- Glossary of Terms
- Index
Using Certificates
620 Check Point Safe@Office User Guide
Using Certificates
A digital certificate is a secure means of authenticating the Safe@Office appliance to other
Site-to-Site VPN Gateways. The certificate is issued by the Certificate Authority (CA) to
entities such as gateways, users, or computers. The entity then uses the certificate to
identify itself and provide verifiable information.
For instance, the certificate includes the Distinguished Name (DN) (identifying
information) of the entity, as well as the public key (information about itself). After two
entities exchange and validate each other's certificates, they can begin encrypting
information between themselves using the public keys in the certificates.
The certificate also includes a fingerprint, a unique text used to identify the certificate. You
can email your certificate's fingerprint to the remote user. Upon connecting to the
Safe@Office VPN Server for the first time, the entity should check that the VPN peer's
fingerprint displayed in the SecuRemote/SecureClient VPN Client is identical to the
fingerprint received.
The Safe@Office appliance supports certificates encoded in the PKCS#12 (Personal
Information Exchange Syntax Standard) format.
Installing a Certificate
The Safe@Office appliance enables you to install PKCS#12 certificates in the following
ways:
• By generating a self-signed certificate.
See Generating a Self-Signed Certificate on page 621.
• By im
porting a certificate.
The PKCS#12 file you import must have a ".p12" file extension. If you do not have
such a PKCS#12 file, obtain one from your network security administrator.
See Importing a Certificate on page 626.