https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156640#M6321 <P>Compliance in this case refers to the Endpoint Compliance feature, which requires using Endpoint licensing and management (with relevant licenses).<BR />SCV can be done without additional licensing and does not use this feature.&nbsp;</P> Tue, 06 Sep 2022 14:21:48 GMT PhoneBoy 2022-09-06T14:21:48Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156631#M6320 <P>I thing that VPN check/compliance is very nebulous.</P><P>Considering that I have blades Mobile Access and IPSec VPN licensed and enabled on R80.30, could someone validate if I understood correctly?</P><P>1. I can do VPN Mobile compliance, including using the GUI for configuration, without the need for additional licensing.</P><P>2. I can do VPN Client compliance, using very hard SCV file configuration, without the need for additional licensing.</P><P>3. I can't use Endpoint Security Compliance because it depends on a blade license that I haven't.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="cpes.png" style="width: 598px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/17702i007DF6BA160BEB4D/image-size/large?v=v2&amp;px=999" role="button" title="cpes.png" alt="cpes.png" /></span></P><P>&nbsp;</P><P>4. In the image above, in order to enable the "Compliance" feature, would I need to have Endpoint Security Compliance licensed?</P><P>&nbsp;</P><P>Thanks!!!</P> Tue, 06 Sep 2022 13:41:28 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156631#M6320 LucianoJesus 2022-09-06T13:41:28Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156640#M6321 <P>Compliance in this case refers to the Endpoint Compliance feature, which requires using Endpoint licensing and management (with relevant licenses).<BR />SCV can be done without additional licensing and does not use this feature.&nbsp;</P> Tue, 06 Sep 2022 14:21:48 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156640#M6321 PhoneBoy 2022-09-06T14:21:48Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156641#M6322 <P>Seat based licenses like the following examples are the entry point into the fully featured client.</P> <P>CPEP-ACCESS-1Y&nbsp;&nbsp;<SPAN>-or-</SPAN></P> <P><SPAN>CP-HAR-EP-BASIC-1Y</SPAN></P> Tue, 06 Sep 2022 14:22:43 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156641#M6322 Chris_Atkinson 2022-09-06T14:22:43Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156687#M6323 <P>Your understanding is correct on points 2,3 and 4.&nbsp; Not quite sure what is meant with 1.</P> <P>FWIW - Here's a <A href="https://namitguy.blogspot.com/2020/04/implementing-secure-client-verification.html" target="_self">write up I did</A> on how to achieve point 2.</P> Tue, 06 Sep 2022 17:59:14 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156687#M6323 Ruan_Kotze 2022-09-06T17:59:14Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156695#M6324 <P>Guys gave you all good responses. Btw, Im not sure either when you mean by point 1, unless its SCV check.</P> Tue, 06 Sep 2022 19:58:52 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/VPN-check-compliance/m-p/156695#M6324 the_rock 2022-09-06T19:58:52Z