This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
HeikoAnkenbrand
Champion Champion
Champion
2 hours ago

Standalone Remote Access VPN Client + Posture Checks

Is it possible to perform posture checks with the latest ‘Standalone E88.50 Remote Access VPN Clients for Windows’?

Background to my question:

A customer wants to avoid using the ‘Remote Access VPN client’ on private PC. The user could install the software on his private PC and then set up a VPN tunnel to the company.

Are there posture checks here so that you can check whether the “Remote Access VPN Client”  software only works on company PCs?

I had thought of something like this:
- Certificate check whether a company certificate is available.
- Check whether a company registry key is set.
- and and and

Is this possible with ‘Inline Layer’ or ‘Order Layer’?
The idea is to query the user certificate first and then the machine certificate if necessary.

Or perhaps with IA rule to use both certificates (user certificate and machine certificate).

Does anyone here have any ideas?

I have not found anything on this in the following documents:
- R81.20 Remote Access VPN Administration Guide
- Remote Access VPN Clients for Windows Admin Guide
- Remote Access TTM Configuration (sk75221)
- E88.x Remote Access VPN Clients
- E87.x Remote Access VPN Clients

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
2 Replies
D_W
Advisor
2 hours ago

Proposal: Allow authentication only with password AND certificate. Only Company Devices receive the cert and you also include a second factor.

0 Kudos
AkosBakos
Advisor
50m ago

Hi @HeikoAnkenbrand,

Maybe the  Secure Configuration Verification - Advanced can be useful in this situation.

What if you check the logged in user is a DOMAIN user in the companies AD?

"Groupmonitor"

 

Cheers,

Akos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events