Julian_Sanchez
Collaborator

Compliance Endpoint Security

Hello guys,

We have a customer that has most of their employees working remotely. In addition, they have configured the Remote Access VPN, and now they have a question about compliance. For example, I have these questions:

1. Is it possible for compliance to validate that only domain desktops can connect to the Remote VPN?

2. Is it possible, if the connection is successful, to apply the policies that are configured in the firewall as if the employee were on the company LAN?

3. Is it possible to block or not allow connections from cellphones?

I was reading about Endpoint Security Compliance on Demand, which can be configured in Global Properties, and another solution is SCV (Secure Configuration Validation), although it seems harder to me. What is the best way? Or which tool lets us configure the requirements?

Thanks for your advice.

 

7 Replies
PhoneBoy
Admin

1. This can be done with SCV or Endpoint Compliance, the latter of which is easier to configure and works on Macs and PCs (SCV is Windows only currently).

2. You would have to “route all traffic” back to headquarters, which may not be desirable. That said, it would be possible using the other Harmony components to achieve a similarly configured policy for VPN endpoints without routing all traffic back to the corporate office.

3. You can restrict which types of VPN clients can connect globally to prevent mobile phones (or other client types) from connecting if desired. This doesn’t even require Endpoint Compliance.

Julian_Sanchez
Collaborator

Thank you for your answer. Really useful. Only one last question or doubt about SCV or Endpoint Compliance. If I want to use Endpoint Compliance, does it work with the Endpoint Security only for VPN, the normal client, or not?


Or, to use Endpoint Compliance, do I need the SBA agent? Regards

Ruan_Kotze
Advisor

The Check Point Mobile client is fine for what you want to do. You do not need the SBA.

PhoneBoy
Admin

Harmony Endpoint (formerly SandBlast Agent) does offer additional features.
Endpoint Security VPN is sufficient to use Compliance, however.
SCV can be used on Check Point Mobile (in addition to Endpoint Security VPN).

Julian_Sanchez
Collaborator

Hello, 

I have a question regarding point 3. I disabled or unchecked the option to prevent mobile phones. However, if I want to make exclusions, is that possible? Or does it block all phones?

 

 

PhoneBoy
Admin

The setting for which clients are allowed to connect is global (meaning either all of X-type clients are allowed to connect or none).
You can create (and use) Access Roles to control who is allowed to do what from what type of client once they are connected.

Ruan_Kotze
Advisor

Regarding point 1 - I posted a detailed walkthrough of implementing domain membership validation for VPN clients on my blog.