This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2024-08-28 02:54 AM
Jump to solution

Standalone Remote Access VPN Client + Posture Checks

Is it possible to perform posture checks with the latest ‘Standalone E88.50 Remote Access VPN Clients for Windows’?

Background to my question:

A customer wants to avoid using the ‘Remote Access VPN client’ on private PC. The user could install the software on his private PC and then set up a VPN tunnel to the company.

Are there posture checks here so that you can check whether the “Remote Access VPN Client”  software only works on company PCs?

I had thought of something like this:
- Certificate check whether a company certificate is available.
- Check whether a company registry key is set.
- and and and

Is this possible with ‘Inline Layer’ or ‘Order Layer’?
The idea is to query the user certificate first and then the machine certificate if necessary.

Or perhaps with IA rule to use both certificates (user certificate and machine certificate).

Does anyone here have any ideas?

I have not found anything on this in the following documents:
- R81.20 Remote Access VPN Administration Guide
- Remote Access VPN Clients for Windows Admin Guide
- Remote Access TTM Configuration (sk75221)
- E88.x Remote Access VPN Clients
- E87.x Remote Access VPN Clients

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
1 Solution

Accepted Solutions
AkosBakos
MVP Silver
MVP Silver
‎2024-08-28 04:33 AM
Jump to solution

Hi @HeikoAnkenbrand,

Maybe the  Secure Configuration Verification - Advanced can be useful in this situation.

What if you check the logged in user is a DOMAIN user in the companies AD?

"Groupmonitor"

 

Cheers,

Akos

----------------
\m/_(>_<)_\m/

View solution in original post

4 Replies
D_W
Advisor
‎2024-08-28 03:33 AM
Jump to solution

Proposal: Allow authentication only with password AND certificate. Only Company Devices receive the cert and you also include a second factor.

AkosBakos
MVP Silver
MVP Silver
‎2024-08-28 04:33 AM
Jump to solution

Hi @HeikoAnkenbrand,

Maybe the  Secure Configuration Verification - Advanced can be useful in this situation.

What if you check the logged in user is a DOMAIN user in the companies AD?

"Groupmonitor"

 

Cheers,

Akos

----------------
\m/_(>_<)_\m/
HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2024-08-28 05:44 AM
In response to AkosBakos
Jump to solution

Hi @AkosBakos,

I was probably blind when reading the manuals 😉

Thank you very much, that's exactly what I was looking for.

Cheers,
Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-08-28 05:53 AM
In response to AkosBakos
Jump to solution

Thought you could set it below, but guess not, has to be done through local.scv file...

Andy

 

Screenshot_1.png

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events