This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
vinceneil666
Advisor
‎2020-04-14 11:43 PM

Endpoint Security, registration

Hi,

I have been playing around a bit with the Check Point Endpoint agent and the sandblast cloud portal. Got a few questions...

As of now I do have a few clients connected, running them for testing pourposes so I have enabled everything 🙂 , that means all blades.. So I got compliance, anti malware, media encrypt, firewall and application control..remote access vpn..anti bot.. all of em'.

Note that I do not as of now have an AD available, so I am using virtual groups in the management as I would with OU's to have different rules for different groups of machines. Working fine!

1. I have created software packages and copied them manually to my differenmt clients. They register/connect of course without issues. But I was wondering if there was some way of exporting the key or password ? So that a client could install the software from wherever and the just hit "register to management" --- is there an option for this at all ? I am lost on this..

2. Building the software package I was able to pre-define a VPN connection. But as far as I can see, this is static and will be pushed when the software is installed ? Say I want to change the VPN settings or add one more - there is no way of having this pushed out automatically ?? (Fortinet has this option in their client, and I like it! - they also have Software inventory and Identity in their agent, I like that to - but understand that this it not something CP wanna be looking into..at least not the software inventory bit 🙂 )

Any tips would be highly appreciated 🙂 

0 Kudos
12 Replies
PhoneBoy
Admin
Admin
‎2020-04-15 10:11 AM

Believe that installing your pre-built installation MSI exported from SmartEndpoint is enough to get the clients registered.
Also, when you update VPN settings on the gateway or add blades to a client profile, end users should automatically get updated next time they connect.
0 Kudos
vinceneil666
Advisor
‎2020-04-16 12:21 AM
In response to PhoneBoy

Hi,

Yes, absolutley - installing the prebuilt MSI will do that. What I was wondering was if there is any option for doing this connection in a manual way ? Using a password, key or anything else ? -this is not really an issue, I was just wondering about it when comparting it to other endpoint solutions.

 

Regarding VPN, let my try to explain in a different way.

Say that I have 50 users, all with the Endpoint installed and configured. When they installed the MSI packet the first time around, I predefined av VPN to HQ. 
But now I want all my users to get a second VPN connection available. I can ofcourse intruct my users to add this tunnel themself, but I was wondering if there was a way for me to push this configuration out to them ? 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-16 08:21 PM
In response to vinceneil666

Assuming both VPN gateways are managed by the same management server, they should get that information when they connect the next time.
0 Kudos
vinceneil666
Advisor
‎2020-04-16 11:53 PM
In response to PhoneBoy

I am refering to this: 

endpoint.JPG

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-17 03:27 PM
In response to vinceneil666

As far as I know, that information should get communicated to the VPN client the next time it connects to the site (after disconnecting).
0 Kudos
vinceneil666
Advisor
‎2020-04-20 01:53 AM
In response to PhoneBoy

Nope - it dont. 🙂 , at least not for me. I do wonder if Check Point pays Jackson Pollock royalties for their endpoint solutions 😄 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-20 07:14 AM
In response to vinceneil666

Did you set the second gateway up as a MEP gateway?
0 Kudos
vinceneil666
Advisor
‎2020-04-22 12:23 AM
In response to PhoneBoy

I am not talking about any gateways 🙂 -- it is the SmartEndpoint deployment. Where you build the actuall package and controll the policy of the agent. 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-22 10:15 AM
In response to vinceneil666

But the screenshot says VPN gateways?
0 Kudos
vinceneil666
Advisor
‎2020-04-24 12:04 AM
In response to PhoneBoy

Its is a completley different gateway out of my controll - lets say it is the VPN of a completley different company... This is related to deployment of the agent itself, where you can predefine VPN sites.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-24 12:11 AM
In response to vinceneil666

I understand what the setting does.
As the screenshot implies, this only refers to configuration at initial installation.
Further updates to this setting come from the VPN gateway itself.
I don't believe you can add VPN gateways that are not controlled by you after the client was installed.
0 Kudos
vinceneil666
Advisor
‎2020-04-24 01:04 AM
In response to PhoneBoy

Hi, yes this is what I was wondering. Because other firewall suppliers having their own endpoint client, will give you the option of adding in VPN connections to the agent on the different clients. But Check Point does not support this it looks like

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events