This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Per_Opel
Explorer
‎2019-05-16 11:36 PM

Disconnected policy in EndPoint Security client

Hi,

We have a some PC's with Endpoint Security installed. The blades that are activated oc the PC's are VPN, Compliance and Firewall. The management server is running R77.30 and the client version is E80.90.

We are using location awareness and auto-connect and hub mode for these clients.

A few weeks back we noticed that if we connected a PC to the LAN all local connected started to fail. We could not get DNS, DHCP or say mount an internal file share. Externally the connections were allowed.

While investigating I found that the firewall logs on the client drops all internal traffic due to (192.168.2.43 is the DNS):

[ 5844 1952] [15 May 13:31:34] FWMSG_RULE_ACTION, dstIp = 192.168.2.43 (port 53)
rule name = DropClrToEnc, src ip = 192.168.10.8, srcport=52405 action=DROP/NOTIFY,
Protocol=ETHERNET/IP, dwSubProtocol=UDP, dwClientId=0

So I've been trying to see where this rule originate from. Since were using the thin client for Endpoint Security it seems like the policy in SmartEndpoint is not utilizied for this client.

I've installed the Checkpoint Mobile client (which is without the firewall) and that allow local connections.

Also, in the installation path for the Endpoint Client there is a file named DisconnectedPolicy.xml which only contains one row:
"FILE DOES NOT EXIST"

Is the solution to check in the ttm-files or how is the disconnected policy applied?

Thanks!

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2019-05-17 06:20 PM

The fact the firewall is blocking anything when you installed Mobile is a problem.
Recommend engaging with the TAC.
0 Kudos
Per_Opel
Explorer
‎2019-05-20 09:51 PM
In response to PhoneBoy

When Checkpoint mobile is isntalled (without the firewall) the connections are allowed.

So this is only happening when firewall is enabled in the client and the client is disconnected due to location awareness.

I've a TAC case opened but I also posted a question here if someone has seen this issue before.

0 Kudos
514numbers
Contributor
‎2020-10-25 04:57 PM

Easy fix. Simply go in the global properties, remote access, vpn - advanced - from there, first section is set to "dropped" by default. Change this to "sent in clear".

Policy install. Once users get re-authenticated, they will retrieve new value. Once they disconnect, they will be able to access internet resources according to your Desktop Security Policy.

probably too late but perhaps others will see this.

cheers.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events