Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ajax
Explorer

Compliance blade Endpoint security client

Hi all!

I try to configure Compliance Policy for remote access VPN clients (endpoint security) in my LAB network, and have some troubles with this. My lab: Checkpoint Cluster 81.10 , JHF take 170

I create Compliance policy, where define, for what users this policy must work. In this policy i check Antivirus (McAffee for test), and set Action "Restrict" , if client machine don't have Antivirus McAffee.

Ok, after that i create endpoint client package, deploy it to client machine, install, and try to check, how it's work.

But.. It's not work..

What i have now:

Endpoint Client connect to CP by VPN (it's work!)

Client had check for compliance (for enabled blades). After i see, that client not compliante, because don't have McAffee AV. And after 5 minutes (5 heartbeat * 60 seconds), client change state to Restricted.

But!

Client still has access to internal network!! And after 5 minutes and after 10 minutes and so on

Nobody change, the internal network remains available.

 

What i did incorrectly?

I check documectation , and found that (in Harmony Endpoint Administration guide https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...)

  • Restricted state rule is enforced when an endpoint computer is not in compliance with the enterprise security requirements. In this state, you usually choose to prevent users from accessing some, if not all, network resources. You can define a Restricted policy for only some of the Endpoint Security components

Where Compliance don't have Restricted actions.

Is this mean, that Restricted Action don't work for Compliance Rules??

I hope somebody can explain me, how it work..

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

I'd start here to understand how this works: https://support.checkpoint.com/results/sk/sk162635 

0 Kudos
ajax
Explorer

Thank you for answer!

But, i read this sk, and still don't understand, why this function don't work?

My VPN-client now Restricted by compliance blade, but anyway has access to internal network through VPN (icmp and rdp as minimum). Why this access not blocked?!

0 Kudos
PhoneBoy
Admin
Admin

Have you configured any of the settings here?

image.png

0 Kudos
ajax
Explorer

Option "Apply Secure Configuration Verification" is not enabled.

In my Compliance config , i use "VPN client verification process will use Endpoint Security Compliance" (not VPN SCV compliance), therefore i think that "Apply Secure Configuration Verification" don't needed. 

Or needed?

0 Kudos
PhoneBoy
Admin
Admin

I agree, that might not be the right place.
What policy do you have for Restricted?
This is where you define what your clients can do when they are in a Restricted state.

image.png

0 Kudos
ajax
Explorer

Wow, i don't have Harmony Endpoint Server 😕

I have just CheckPoint 81.10 (JHF take 170) with Evaluate License and enabled blades:

On SMS:

Endpoint Policy Management

Compliance

On SG:

IPSEC VPN (with Policy Server)

Mobile Access

And i thoght this blades enough for deploying Harmony Endpoint Client to remote users and Compliance check..

I need Harmony Endpoint Server product additionally? Without him it's can't work?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events