This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jones_Jardel_Po
Contributor
‎2019-03-19 11:05 AM

Secure Configuration Verification

Hello guys!

I'm trying to be sure about the features who will help me to enforce the SCV policy to the endpoints.

What are the ways to push the SCV policy to the endpoints?

1 - Using Mobile blade? (needs to have a license)

2 - Using Policy Server to deploy a Desktop policy? (needs to have a license of CPSM-CONP-E)

 

Please, let me know if my understanding is right and if there are other options to push (to enforce) the SCV.

 

Thank you, guys!

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2019-03-19 02:48 PM

When you push Desktop Policy, it is pushed to the Security Gateway. The client, when it connects, runs SCV checks locally. The gateway decides to allow you (or not) based on the SCV checks.

I don't believe Mobile Access Blade supports SCV.

0 Kudos
Lithin_Mathew
Contributor
‎2020-10-02 01:07 AM
In response to PhoneBoy

Hi @PhoneBoy ,

Currently we are running the gateway with MOB-U (SSL-U) unlimited license, is it enough to deploy SCV.

Do we need any additional license on the Security Gateway or the Management Server.

Thank you!!!

 

 

 

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-10-02 04:25 AM
In response to Lithin_Mathew

According to sk147416 - Secure Configuration Verification (SCV) this is only enforced by Endpoint Security Client, VPN StandAlone or Full Suite version. Only these have a Desktop Policy - Mobile or SNX can not do SCV at all !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
PhoneBoy
Admin
Admin
‎2020-10-02 09:28 AM
In response to G_W_Albrecht

Actually Check Point Mobile also supports SCV.
You may need to configure it to skip checking for a desktop policy, though: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Lithin_Mathew
Contributor
‎2020-10-04 12:47 AM
In response to PhoneBoy

Thank you @PhoneBoy  and @G_W_Albrecht  for the details,

Currently we are using Endpoint Security VPN with the below license:

CPAP-SG1540X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-SSLVPN-U CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSG-VSX-10S CPSB-IPS CPSB-URLF CPSB-APCL CPSB-AV CPSB-ABOT-L CPSB-ASPM CPSB-CTNT 

Could you confirm if the license is all that's needed to proceed with SCV.

Also could anyone explain me the difference between Checkpoint Mobile and Checkpoint Endpoint Security VPN (Use cases).

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-10-04 11:51 PM
In response to Lithin_Mathew

From a licensing perspective yes.

Endpoint Security VPN includes a desktop firewall that can be managed either as part of the Desktop Policy on a Gateway (blade must be enabled on the gateway object) or via Endpoint Security Management.
It's also included with SandBlast Agent, which includes compliance checks configured on Endpoint Management.
Endpoint Security VPN/SBA is licensed per installed host.

Check Point Mobile does not include a desktop firewall and is licensed per concurrent connection with the gateway.
It can be used with Mobile Access Blade.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top