Hello!
I'm new to the Check Point world and I loved CheckMate labs, thanks. I would like to ask a few questions as a beginner and maybe point out two bugs that I noticed.
Bug 1) The site claims "Note that in 4 hours the environment will shut down. You will get a notification to extend the environment time, from this page, an hour before the it shut down." However, I never saw this notification to extend the environment period. I'm using Chrome. Is this feature still available? I also checked my email to see if the notification arrived, but I only received emails when the lab was created or deleted.
Bug 2) I followed the documentation for the R80.40 CheckMate lab called Mobile Access Blade & VPN Client Lab. On page 36 it says to use win-dc as the primary DNS server, however it fails with the error "The value must be in the range 2 - 32767". I double-checked and the hostname is configured with the proper IP. Is it maybe a bug?
Question) My interest is in the VPN service, which I was able to replicate. I used it with a workstation running the latest Check Point Endpoint Security client and it connects fine. I want to configure and test secure client verification to validate, for example, whether my antivirus is running and my machine is on my domain. I saw compliance options inside Mobile Web Access; at the rules dashboard there is a link to open a new dashboard that allows me to create a new rule or edit the 3 defaults (high, medium and low), however it never runs on my client. I searched, and my guess is that it only works with the mobile VPN client and not Check Point Endpoint Security (which, if I understood properly, is stronger, so I prefer to use it to test). I found this article (https://namitguy.blogspot.com/2020/04/implementing-secure-client-verification.html) suggesting that I have to enable a special feature at Remote access -> Secure Configuration Verification. However, I don't see it in the CheckMate labs. Is it maybe a feature of an old version? Does it not exist anymore?
Also, it says to enable the IPSEC and Policy Server features, and then a policy named desktop security. All fine, except that the rules in desktop security appear to be related to inbound and outbound rules and not process checks, for example. What am I missing?
Also, once it's enabled, is the only way to create the rules editing the mentioned file with vi (command line)?
The official PDF looks more or less the same: https://community.checkpoint.com/t5/Remote-Access-VPN/White-Paper-Check-Point-Compliance-Checking-wi...
I could not find it: is there any command (command line) to verify whether secure client verification is enabled and my Check Point is using the current local.csv file?
I'm sure I'm doing something wrong. 😞