Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ian_Iams
Explorer

Adding Offsite Computers to an on-premise Endpoint Management Server

Team,

Thank you in advance for taking the time to read this post.

I want to preface this by stating, I am entirely self taught on all things Check Point and therefore need some guidance in regards to a problem I have for one PC. 

As the title states, I have an on premise Check Point Endpoint with Sandblast Management Server running on a virtual server using ESXI. We have appliance based Firewall and Management units on site as well and have an active VPN. All Laptops and Desktops are Windows based platforms. 

I have 1 PC, a desktop unit that is located in our president's personal home office. He utilizes this unit to connect to his office computer via the VPN Remote Client offered by Check Point. 

This PC is currently expiring from it's personal anti-virus and security and I'd like to add this machine to the Management Server on site, preferably without having to transport it to our company network. My inclination is that I'm stuck and will physically have to move the desktop to the network where the server is and install the policies then transport the machine back to his home office, unless I move my Management Server platform to a cloud based solution. I was hoping, given that the endpoint clients can be set to pull updates check point directly, there would be a way to install policy over the VPN or via the cloud without moving my Management Server to the cloud.

 

Any help or suggestions would be greatly appreciated

 

Thank you

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

You will need to create a deployment package that has the necessary blades activated on it plus Remote Access.
This will have to be transferred to the end user somehow and they will install it (assuming they have admin rights).
They will need to connect to VPN to receive updates from your Endpoint management server.
This is how the vast majority of Check Point employees are receiving updates to their Endpoint client today.

0 Kudos
Ian_Iams
Explorer

Thank you very much. I have a package configured to include the Remote Access, was just unsure if the VPN portion of that package would be available prior to initial policy installation. If I can configure the VPN Tunnel before the policy install, that's fantastic, I'll do that and it will save me a lot of back and forth

Thank you very much for the help and the education

0 Kudos
PhoneBoy
Admin
Admin

You can distribute VPN configuration as part of the package as well.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos