This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Andrey_Ganichev
Participant
Participant
‎2021-05-31 01:41 AM
Jump to solution

allow connections only users with EC and policy from SmartEndpoint.

Hello,

How I can restirct users with Endpoint client (remote acccess) only and allow only users with Endpoint client with policy from SmartEndpoint?
Should I try setting up SVC on the VPN GW R80.20?

Andrey

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-05-31 05:09 AM
In response to Andrey_Ganichev
Jump to solution

If you use Enterprise Security VPN clients with FW (Desktop policy defined in Dashboard), there is a simple solution: After a certain date, change the Inbound and Outbound Rules in Dashboard to Drop instead of Encrypt 8)

On next connection, these clients will load the new policy and be unable to connect anymore ! EPS clients will not use this policy.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
8 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-05-31 02:41 AM
Jump to solution

Can you explain - maybe using examples of which kind of behaviour you want and which not - what restrictions you speak of ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Andrey_Ganichev
Participant
Participant
‎2021-05-31 02:54 AM
In response to G_W_Albrecht
Jump to solution

Currently all users connect to R80.20 Gateway using Endpoint clients (Windows and MacOS). We plan to use Harmony SmartEndpoint server for deploy policy (Firewall, compliance, anti-malware and etc.) for remote users. So we would like to restrict old users with Endoint client without Policy connect to GW and allow only users with clients deployed from exported package from SmartEndpoint server.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-05-31 05:09 AM
In response to Andrey_Ganichev
Jump to solution

If you use Enterprise Security VPN clients with FW (Desktop policy defined in Dashboard), there is a simple solution: After a certain date, change the Inbound and Outbound Rules in Dashboard to Drop instead of Encrypt 8)

On next connection, these clients will load the new policy and be unable to connect anymore ! EPS clients will not use this policy.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Andrey_Ganichev
Participant
Participant
‎2021-05-31 05:24 AM
In response to G_W_Albrecht
Jump to solution

Thank you for solution.
Unfortunately we don't use Desktop Policy defined in Dashboard, only remote access vpn.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-05-31 06:06 AM
In response to Andrey_Ganichev
Jump to solution

Then change to use Desktop Policy defined in Dashboard - that is easy !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Andrey_Ganichev
Participant
Participant
‎2021-05-31 06:14 AM
In response to G_W_Albrecht
Jump to solution

Thank you. I will check the solution.

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-05-31 06:18 AM
In response to Andrey_Ganichev
Jump to solution

I think you are just using the pre-defined default Desktop Policy found in old Dashboard and do not realize that - it only tells the client to encrypt outgoing and decrypt ingoing packets, that is just the usual VPN client behaviour ! You can see that in old Dashboard.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2021-05-31 07:59 AM
In response to G_W_Albrecht
Jump to solution

Also see Remote Access VPN R81 Administration Guide p.82 for details and the note:

If you use Endpoint Security VPN as part of the Check Point Endpoint Security Suite, you can configure if your client Firewall comes from Desktop Security in SmartDashboard or SmartEndpoint.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events