This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Julian_Sanchez
Collaborator
‎2021-03-09 06:27 PM

Compliance Endpoint Security

Hello guys,

We have a customer that have the most of their employes working remote. In addition, they have configurate the Remote Access VPN, and now they have a question about the compliance. For example, I have this questions: 

1. Is possible that compliance can validate that only can connect to Remote VPN desktops of domain? 

2. Is possible if the connect is sucessful, take the policies that are configurated in the firewall as if the employ is in the LAN company? 

3. Is possible block or not allowed connections of cellphones?

I was reading about Endppoint Security Compliance on Demand that can be configurated in global propierties, and another solution is SCV Secure Configuration Validation altough is like me more hard. What is the best way? or What tool offer us configurate the requierements? 

Thanks for your advices. 

 

0 Kudos
7 Replies
PhoneBoy
Admin
Admin
‎2021-03-09 11:15 PM

1. This can be done with SCV or Endpoint Compliance, the latter of which is easier to configure and works on Macs and PCs (SCV is Windows only currently).

2. You would have to “route all traffic” back to headquarters, which may not be desirable. That said it would be possible using the other Harmony components to achieve a similarly configured policy for VPN endpoints without routing all traffic back to the corporate office.

3. You can restrict which types of VPN clients that can connect globally to prevent mobile phones (or other client types) from connecting if desired. This doesn’t even require Endpoint Compliance.

Julian_Sanchez
Collaborator
‎2021-03-11 10:24 AM
In response to PhoneBoy

Thank you for your answer. Relly useful. Only last question or doubt about the SCV or Endpoint Compliance. If I want to use Endpoint Compliance it work with the Endpoint Security only for VPN, the client normal or not? 

vpn.PNGendpoint.PNG

Or for use Endpoint Compliance I need the agent of SBA? regards

0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2021-03-11 10:27 AM
In response to Julian_Sanchez

The Check Point Mobile client is fine for what you want to do. You do not need the SBA.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-03-11 03:10 PM
In response to Julian_Sanchez

Harmony Endpoint (formerly SandBlast Agent) does offer additional features.
Endpoint Security VPN is sufficient to use Compliance, however.
SCV can be used on Check Point Mobile (in addition to Endpoint Security VPN).

0 Kudos
Julian_Sanchez
Collaborator
‎2021-03-24 07:55 AM
In response to PhoneBoy

Hello, 

I have a question acording to the point 3. I disable or un check for preventing mobile phones. However if I want to give exclusions is possible? or block all phones?

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-03-24 10:22 AM
In response to Julian_Sanchez

The setting for which clients are allowed to connect is global (meaning either all of X-type clients are allowed to connect or none).
You can create (and use) Access Roles to control who is allowed to do what from what type of client once they are connected.

0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2021-03-10 12:27 AM

Regarding point 1 - I posted a detailed walkthrough of implementing domain membership validation for VPN clients on my blog.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events