This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Jones_Jardel_Po
Contributor
‎2019-03-19 11:05 AM

Secure Configuration Verification

Hello guys!

I'm trying to be sure about the features who will help me to enforce the SCV policy to the endpoints.

What are the ways to push the SCV policy to the endpoints?

1 - Using Mobile blade? (needs to have a license)

2 - Using Policy Server to deploy a Desktop policy? (needs to have a license of CPSM-CONP-E)

 

Please, let me know if my understanding is right and if there are other options to push (to enforce) the SCV.

 

Thank you, guys!

0 Kudos
Reply
6 Replies
PhoneBoy
Admin
Admin
‎2019-03-19 02:48 PM

When you push Desktop Policy, it is pushed to the Security Gateway. The client, when it connects, runs SCV checks locally. The gateway decides to allow you (or not) based on the SCV checks.

I don't believe Mobile Access Blade supports SCV.

0 Kudos
Reply
Lithin_Mathew
Contributor
‎2020-10-02 01:07 AM
In response to PhoneBoy

Hi @PhoneBoy ,

Currently we are running the gateway with MOB-U (SSL-U) unlimited license, is it enough to deploy SCV.

Do we need any additional license on the Security Gateway or the Management Server.

Thank you!!!

 

 

 

 

0 Kudos
Reply
G_W_Albrecht
Champion
Champion
‎2020-10-02 04:25 AM
In response to Lithin_Mathew

According to sk147416 - Secure Configuration Verification (SCV) this is only enforced by Endpoint Security Client, VPN StandAlone or Full Suite version. Only these have a Desktop Policy - Mobile or SNX can not do SCV at all !

Reply
PhoneBoy
Admin
Admin
‎2020-10-02 09:28 AM
In response to G_W_Albrecht

Actually Check Point Mobile also supports SCV.
You may need to configure it to skip checking for a desktop policy, though: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Reply
Lithin_Mathew
Contributor
‎2020-10-04 12:47 AM
In response to PhoneBoy

Thank you @PhoneBoy  and @G_W_Albrecht  for the details,

Currently we are using Endpoint Security VPN with the below license:

CPAP-SG1540X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-SSLVPN-U CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSG-VSX-10S CPSB-IPS CPSB-URLF CPSB-APCL CPSB-AV CPSB-ABOT-L CPSB-ASPM CPSB-CTNT 

Could you confirm if the license is all that's needed to proceed with SCV.

Also could anyone explain me the difference between Checkpoint Mobile and Checkpoint Endpoint Security VPN (Use cases).

 

0 Kudos
Reply
PhoneBoy
Admin
Admin
‎2020-10-04 11:51 PM
In response to Lithin_Mathew

From a licensing perspective yes.

Endpoint Security VPN includes a desktop firewall that can be managed either as part of the Desktop Policy on a Gateway (blade must be enabled on the gateway object) or via Endpoint Security Management.
It's also included with SandBlast Agent, which includes compliance checks configured on Endpoint Management.
Endpoint Security VPN/SBA is licensed per installed host.

Check Point Mobile does not include a desktop firewall and is licensed per concurrent connection with the gateway.
It can be used with Mobile Access Blade.

0 Kudos
Reply