Hi
I hope you can help.
We have a requirement to prevent users on non-corporate networks from copying data to network devices such as a NAS - so this is network traffic not port protection and I guess it would fall under the firewall blade(?)
I was thinking I could use the disconnected policy (not defined by default); however, the definition in the Harmony manual is (paraphrased) 'Disconnected state rule is enforced when an endpoint computer is not connected to the Harmony Endpoint Security Management server - e.g. you can enforce a more restrictive policy if users are working from home and are not protected by organizational resources'
However, this suggests that the endpoint doesn't have internet access if it can't reach the cloud portal(?)
Is the disconnected policy a correct use case here? If so, are there any examples of how to set it up (I don't seem to be able to find any)? Would I have to define all corp networks as objects in the trust zone so that anything else is by default in the internet zone object?
If I want to limit access when not connected to corp resources, would network location awareness be a more appropriate feature?
Many Thanks!
Specifics aside for the moment, the use case you describe is typically where the EPM is on-prem and perhaps only contactable by VPN or similar.
Location awareness is often more about determining under what conditions a VPN connection should be attempted.
Hi, thanks for the clarification around NLA - although this is for endpoint harmony cloud. How can the endpoint know it's not on a corporate network if it has internet access and therefore can always reach the cloud instance? If we only want to impose restrictions when not connected to corporate resources this suggests that this would be when not connected to vpn(?)
How can I define all networks/services that are not trusted and disallow them in policy - but allow them if they are connected to a corporate environment?
Apologies if I'm misunderstanding.
client settings > general
nice! thanks!
It would still be nice to have some kind of an example offline/disconnected policy in documentation or the manual. Our customer says they had this when they had an on-prem Endpoint server. Now they have been challenged by auditors to prove offline file copies are not allowed and nothing exists in the portal. I'm uncertain how to go about constructing it.
I agree, it would be beneficial.
Andy
I think you misunderstand the meaning of the policy. Let's see how it is defined in the admin guide:
Disconnected state rule is enforced when an endpoint computer is not connected to the Harmony Endpoint Security Management Server. For example, you can enforce a more restrictive policy if users are working from home and are not protected by organizational resources. You can define a Disconnected policy for only some of the Endpoint Security components.
Then, there is an example of how functionalities can be defined:
It is up to you how to define the FW rules in the disconnected policy, and if you believe Internet connectivity should be allowed, you can do that.