Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
afranklin
Participant

CheckMate Labs Issues

 

Hello!

I'm  new  to checkpoint world and I loved CheckMate labs, thanks. I would like to ask a few questions as a beginner and maybe point two  bugs that I noticed.

Bug 1) The site claims Note that in 4 hours the environment will shut down. You will get a notification to extend the environment time, from this page, an hour before the it shut down. - however I never saw this notification to extend the environment period. I'm using Chrome. Is this feature still available? I also checked my email to see if the notification arrived, but just when the lab is created or  deleted.


Bug 2) I followed the documentation for R80.40 CheckMate labs called Mobile Access Blade & VPN Client Lab - at page 36 it says to use win-dc as primary DNS server however it fails with an error "The value must  be in the range 2 - 32767". I double checked and the hostname is configured  with the proper IP. Is it a bug maybe?

Question) My interest is in the VPN service that I was able to replicate. I used with an workstation running the last Check Point Endpoint security client and it connects fine. I want to configure to test secure client verification to validate for example if my antivirus is running and my machine is on my domain. I saw compliance options inside Mobile Web Access, at the rules dashboard there is a link to open a new dashboard that allows me to create a new rule or edit the 3 defaults (high, medium and low), however it never runs on my client. I searched and my guess is that it only works with mobile vpn client and not Check Point Endpoint Security (that if I understood properly is stronger -so I prefer use it to test). I found this article (https://namitguy.blogspot.com/2020/04/implementing-secure-client-verification.html) suggesting that I have to enable a special feature at Remote access -> Secure Configuration Verification. However I don't see it on the CheckMate labs. Maybe is it a feature on old version? Doesn't exist anymore?

Also, it says to enable IPSEC and Policy Server  feature, and than a policy named desktop security. All fine, except that the rules at desktop security appears to be related  with inbound and outbound rules and not process checks for example. What am I missing?

Also, once it's enable the  only way to create the rules is editing the file mentioned with vi (command-line)?

The official pdf looks more or less the same https://community.checkpoint.com/t5/Remote-Access-VPN/White-Paper-Check-Point-Compliance-Checking-wi...

I could not find, is there any command (command line) to verify if secure client verification is enabled and my checkpoint is using the current local.csv file?

I'm sure I'm doing something wrong. 😞

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

I saw your other thread on SCV and responded to those issues there.
For the CheckMates Labs, a few things:

  • These are the same blueprints that our employees and partners have access to with a couple differences:
    • The time is shorter (3 hours, I believe)
    • You cannot extend them (behavior is by design)
  • For the other issue, can you provide a screenshot or similar?
0 Kudos
afranklin
Participant

hey @PhoneBoy thank you for your answer

I understood about CheckMates Labs... as I'm a new student sometimes 3 hours is not enough and I have to reconfigure all again to continue from where I stopped. Is there a easy way to replicate my previous config when my 3 hours finish?

My question about SCV was not very clear and i'm sorry about  it. I was able to test it, my main question is that i understand that Mac computers are not validated and it's fine, but I cant deny  them to log on my VPN which make these SCV validation easy to bypass. How can I enforce that only Windows clients are allowed to log into my vpn?

0 Kudos
_Val_
Admin
Admin

@Shay_Levin can you please look into this?

0 Kudos
afranklin
Participant

 

Thank you for your help @_Val_! Vert appreciated

0 Kudos