Andrey_Ganichev
Participant

Allow connections only from users with EC and policy from SmartEndpoint

Hello,

How can I restrict users with Endpoint client (remote access) only and allow only users with Endpoint client with policy from SmartEndpoint?
Should I try setting up SVC on the VPN GW R80.20?

Andrey

G_W_Albrecht
Legend

Can you explain - maybe using examples of which kind of behaviour you want and which not - what restrictions you speak of?

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Andrey_Ganichev
Participant

Currently all users connect to the R80.20 Gateway using Endpoint clients (Windows and MacOS). We plan to use a Harmony SmartEndpoint server to deploy policy (Firewall, compliance, anti-malware, etc.) for remote users. So we would like to restrict old users with an Endpoint client without Policy from connecting to the GW and allow only users with clients deployed from the exported package from the SmartEndpoint server.

G_W_Albrecht
Legend
Accepted solution

If you use Enterprise Security VPN clients with FW (Desktop policy defined in Dashboard), there is a simple solution: After a certain date, change the Inbound and Outbound Rules in Dashboard to Drop instead of Encrypt 😎

On next connection, these clients will load the new policy and be unable to connect anymore! EPS clients will not use this policy.

Andrey_Ganichev
Participant

Thank you for the solution.
Unfortunately we don't use Desktop Policy defined in Dashboard, only remote access VPN.

G_W_Albrecht
Legend

Then change to use Desktop Policy defined in Dashboard - that is easy!

Andrey_Ganichev
Participant

Thank you. I will check the solution.

G_W_Albrecht
Legend

I think you are just using the pre-defined default Desktop Policy found in old Dashboard and do not realize that - it only tells the client to encrypt outgoing and decrypt ingoing packets, that is just the usual VPN client behaviour! You can see that in old Dashboard.

G_W_Albrecht
Legend

Also see Remote Access VPN R81 Administration Guide p.82 for details and the note:

If you use Endpoint Security VPN as part of the Check Point Endpoint Security Suite, you can configure if your client Firewall comes from Desktop Security in SmartDashboard or SmartEndpoint.
