Collaborator

Endpoint Security, registration

Hi,

I have been playing around a bit with the Check Point Endpoint agent and the sandblast cloud portal. Got a few questions...

As of now I do have a few clients connected, running them for testing purposes so I have enabled everything 🙂 , that means all blades.. So I got compliance, anti malware, media encrypt, firewall and application control..remote access vpn..anti bot.. all of em'.

Note that I do not as of now have an AD available, so I am using virtual groups in the management as I would with OU's to have different rules for different groups of machines. Working fine!

1. I have created software packages and copied them manually to my different clients. They register/connect of course without issues. But I was wondering if there was some way of exporting the key or password? So that a client could install the software from wherever and then just hit "register to management" --- is there an option for this at all? I am lost on this..

2. Building the software package I was able to pre-define a VPN connection. But as far as I can see, this is static and will be pushed when the software is installed? Say I want to change the VPN settings or add one more - there is no way of having this pushed out automatically?? (Fortinet has this option in their client, and I like it! - they also have Software inventory and Identity in their agent, I like that too - but understand that this is not something CP wanna be looking into..at least not the software inventory bit 🙂 )

Any tips would be highly appreciated 🙂 

Admin

Believe that installing your pre-built installation MSI exported from SmartEndpoint is enough to get the clients registered.
Also, when you update VPN settings on the gateway or add blades to a client profile, end users should automatically get updated next time they connect.
Collaborator

Hi,

Yes, absolutely - installing the prebuilt MSI will do that. What I was wondering was if there is any option for doing this connection in a manual way? Using a password, key or anything else? - this is not really an issue, I was just wondering about it when comparing it to other endpoint solutions.

 

Regarding VPN, let me try to explain in a different way.

Say that I have 50 users, all with the Endpoint installed and configured. When they installed the MSI packet the first time around, I predefined a VPN to HQ.
But now I want all my users to get a second VPN connection available. I can of course instruct my users to add this tunnel themselves, but I was wondering if there was a way for me to push this configuration out to them?

 

Admin

Assuming both VPN gateways are managed by the same management server, they should get that information when they connect the next time.
Collaborator

I am referring to this:

endpoint.JPG

Admin

As far as I know, that information should get communicated to the VPN client the next time it connects to the site (after disconnecting).
Collaborator

Nope - it don't. 🙂 , at least not for me. I do wonder if Check Point pays Jackson Pollock royalties for their endpoint solutions 😄

Admin

Did you set the second gateway up as a MEP gateway?
Collaborator

I am not talking about any gateways 🙂 -- it is the SmartEndpoint deployment. Where you build the actual package and control the policy of the agent.

Admin

But the screenshot says VPN gateways?
Collaborator

It is a completely different gateway out of my control - let's say it is the VPN of a completely different company... This is related to deployment of the agent itself, where you can predefine VPN sites.

Admin

I understand what the setting does.
As the screenshot implies, this only refers to configuration at initial installation.
Further updates to this setting come from the VPN gateway itself.
I don't believe you can add VPN gateways that are not controlled by you after the client was installed.
Collaborator

Hi, yes this is what I was wondering. Because other firewall suppliers that have their own endpoint client will give you the option of adding in VPN connections to the agent on the different clients. But Check Point does not support this, it looks like.
