earomero
Participant

blade to isolate the equipment

Good morning, greetings from Argentina!

Today I had a computer incident with an endpoint and I isolated the equipment. I thought that this measure was implemented...but no, I attached a photo where it says that I do not have the necessary blade installed.
How can I install the blade necessary for this?

Thank you very much, regards!

10 Replies
lluner
Advisor

Hi @earomero

Follow the image and put in the name of the machine. On the screen you will see the blade that is not running.

asset management --> organization ---> computers

Ajuda.png

earomero
Participant

Hi!
I am sending you a photo of my assets. I don't see the isolate machine blade in capabilities. How can I install it?

lluner
Advisor

Hi @earomero

Select the machine to see which blade is not showing.

lluner
Advisor

Hi @earomero

You have to install the firewall blade.

erro_firewall.png

firewall_erro.png

earomero
Participant

Thanks for the reply. Is it necessary to have XDR to deploy the firewall blade?

Regards!

lluner
Advisor

NO 

earomero
Participant

OK! Thanks!
How can I install the firewall blade without having to reinstall the entire harmony on the endpoints?

lluner
Advisor

Select the firewall checkbox and apply the policy by selecting the machine.

2024-12-13_14-59.png

earomero
Participant

Genius, idol, crack!
Thank you very much!
I send you a big hug in the best Argentine style, with the warmth that it deserves!

Swiftyyyyy
Participant

This might be considered potentially harmful advice without explaining the significant implications it may have.

Selecting to install a new blade via deployment policy will result in the following:

  • Devices affected by the policy will immediately start to download the required packages. While this shouldn't be too significant for just the Firewall blade, we have had customer environments simply collapse if too many devices at once started pulling updates.
  • The reconfiguration of blades on an installed system WILL result in a reboot. Yes, by default the client policy permits the user to postpone the operation, but once finished there will be a 2 minute timer to reboot without the option to cancel. A notification should be sent to users in most cases, and some thinking should be done on when to deploy.

Seeing as you don't appear to be too familiar with the Firewall blade, keep in mind this WILL disable your existing firewall (Windows Defender Firewall), and the DEFAULT policy for the Check Point local firewall is essentially Any Any Allow, meaning that just installing the Firewall blade without prior configuration of policy CAN and WILL reduce your overall security posture.

Honestly, with how genuinely BAD the local firewall blade is to configure, I'd personally just deal with not having an isolate option.

Local firewall in its current iteration is embarrassing:

  • It is in no way, shape or form Application Aware. Yes, there is Application Control, but there is such a high barrier to entry for configuring it that it's just not something you can manage in most environments.
  • For an ENDPOINT product you really, genuinely should be able to do rules with "PROCESS NAME" as the Source field.
  • There are no dynamic objects (not even one for EPMaaS, for example).
  • You can't negate rules (for example, using an RFC1918 network group negated as a way to define the "Internet" isn't a thing you can do; you effectively have one network group you can negate by abusing the "Trusted" zone mechanic).
  • Sometimes rules don't catch if they're too precise and you resort to doing funky *ANY* rules just to get basic functionality.

For a company whose bread and butter is the firewall, the local firewall blade on Harmony Endpoint really needs to step up, because currently it's an outright downgrade from out-of-the-box Windows Defender Firewall, with the only real perk being the Isolate functionality.
