Contributor

Secure Configuration Verification

Hello guys!

I'm trying to be sure about the features that will help me enforce the SCV policy on the endpoints.

What are the ways to push the SCV policy to the endpoints?

1 - Using Mobile blade? (needs to have a license)

2 - Using Policy Server to deploy a Desktop policy? (needs to have a license of CPSM-CONP-E)

 

Please, let me know if my understanding is right and if there are other options to push (to enforce) the SCV.

 

Thank you, guys!

6 Replies
Admin

When you push Desktop Policy, it is pushed to the Security Gateway. The client, when it connects, runs SCV checks locally. The gateway decides to allow you (or not) based on the SCV checks.

I don't believe Mobile Access Blade supports SCV.

Contributor

Hi @PhoneBoy ,

Currently we are running the gateway with a MOB-U (SSL-U) unlimited license. Is it enough to deploy SCV?

Do we need any additional license on the Security Gateway or the Management Server?

Thank you!!!

Champion

According to sk147416 - Secure Configuration Verification (SCV), this is only enforced by Endpoint Security Client, VPN StandAlone or Full Suite version. Only these have a Desktop Policy - Mobile or SNX cannot do SCV at all!

Admin

Actually Check Point Mobile also supports SCV.
You may need to configure it to skip checking for a desktop policy, though: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Contributor

Thank you @PhoneBoy and @G_W_Albrecht for the details.

Currently we are using Endpoint Security VPN with the below license:

CPAP-SG1540X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-SSLVPN-U CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSG-VSX-10S CPSB-IPS CPSB-URLF CPSB-APCL CPSB-AV CPSB-ABOT-L CPSB-ASPM CPSB-CTNT

Could you confirm if the license is all that's needed to proceed with SCV?

Also, could anyone explain to me the difference between Check Point Mobile and Check Point Endpoint Security VPN (use cases)?

 

Admin

From a licensing perspective, yes.

Endpoint Security VPN includes a desktop firewall that can be managed either as part of the Desktop Policy on a Gateway (blade must be enabled on the gateway object) or via Endpoint Security Management.
It's also included with SandBlast Agent, which includes compliance checks configured on Endpoint Management.
Endpoint Security VPN/SBA is licensed per installed host.

Check Point Mobile does not include a desktop firewall and is licensed per concurrent connection with the gateway.
It can be used with Mobile Access Blade.
