https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119929#M4402 <P>If you use Enterprise Security VPN clients with FW (Desktop policy defined in Dashboard), there is a simple solution: After a certain date, change the Inbound and Outbound Rules in Dashboard to Drop instead of Encrypt&nbsp;8)</img></P> <P>On next connection, these clients will load the new policy and be unable to connect anymore ! EPS clients will not use this policy.</P> Mon, 31 May 2021 12:09:19 GMT G_W_Albrecht 2021-05-31T12:09:19Z https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119888#M4399 <P>Hello,</P><P>How I can restirct users with Endpoint client (remote acccess) only and allow only users with Endpoint client with policy from SmartEndpoint?<BR />Should I try setting up SVC on the VPN GW R80.20?</P><P>Andrey</P> Mon, 31 May 2021 08:41:35 GMT https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119888#M4399 Andrey_Ganichev 2021-05-31T08:41:35Z https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119903#M4400 <P>Can you explain - maybe using examples of which kind of behaviour you want and which not - what restrictions you speak of ?</P> Mon, 31 May 2021 09:41:35 GMT https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119903#M4400 G_W_Albrecht 2021-05-31T09:41:35Z https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119907#M4401 <P>Currently all users connect to R80.20 Gateway using Endpoint clients (Windows and MacOS). We plan to use Harmony SmartEndpoint server for deploy policy (Firewall, compliance, anti-malware and etc.) for remote users. So we would like to restrict old users with Endoint client without Policy connect to GW and allow only users with clients deployed from exported package from SmartEndpoint server.</P> Mon, 31 May 2021 09:54:29 GMT https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119907#M4401 Andrey_Ganichev 2021-05-31T09:54:29Z https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119929#M4402 <P>If you use Enterprise Security VPN clients with FW (Desktop policy defined in Dashboard), there is a simple solution: After a certain date, change the Inbound and Outbound Rules in Dashboard to Drop instead of Encrypt&nbsp;8)</img></P> <P>On next connection, these clients will load the new policy and be unable to connect anymore ! EPS clients will not use this policy.</P> Mon, 31 May 2021 12:09:19 GMT https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119929#M4402 G_W_Albrecht 2021-05-31T12:09:19Z https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119930#M4403 <P>Thank you for solution.<BR />Unfortunately we don't use Desktop Policy defined in Dashboard, only remote access vpn.</P> Mon, 31 May 2021 12:24:48 GMT https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119930#M4403 Andrey_Ganichev 2021-05-31T12:24:48Z https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119931#M4404 <P>Then change to <SPAN>use Desktop Policy</SPAN><SPAN> defined in Dashboard - that is easy !</SPAN></P> Mon, 31 May 2021 13:06:45 GMT https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119931#M4404 G_W_Albrecht 2021-05-31T13:06:45Z https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119932#M4405 <P>Thank you. I will check the solution.</P> Mon, 31 May 2021 13:14:38 GMT https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119932#M4405 Andrey_Ganichev 2021-05-31T13:14:38Z https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119933#M4406 <P>I think you are just using the pre-defined default Desktop Policy found in old Dashboard and do not realize that - it only tells the client to encrypt outgoing and decrypt ingoing packets, that is just the usual VPN client behaviour ! You can see that in old Dashboard.</P> Mon, 31 May 2021 15:00:53 GMT https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119933#M4406 G_W_Albrecht 2021-05-31T15:00:53Z https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119954#M4407 <DIV class="page" title="Page 82"> <DIV class="layoutArea"> <DIV class="column"> <P><SPAN>Also see&nbsp;</SPAN><SPAN style="font-family: inherit; background-color: #ffffff;">Remote Access VPN R81 Administration Guide</SPAN><SPAN style="font-family: inherit; background-color: #ffffff;">&nbsp;p.82 for details and the note:</SPAN></P> <P><SPAN>If you use Endpoint Security VPN as part of the Check Point Endpoint Security Suite, you can configure if your client Firewall comes from Desktop Security in SmartDashboard or SmartEndpoint.</SPAN></P> </DIV> </DIV> </DIV> Mon, 31 May 2021 14:59:52 GMT https://community.checkpoint.com/t5/Endpoint/allow-connections-only-users-with-EC-and-policy-from/m-p/119954#M4407 G_W_Albrecht 2021-05-31T14:59:52Z