Hi all!

I try to configure Compliance Policy for remote access VPN clients (endpoint security) in my LAB network, and have some troubles with this. My lab: Checkpoint Cluster 81.10 , JHF take 170

I create Compliance policy, where define, for what users this policy must work. In this policy i check Antivirus (McAffee for test), and set Action "Restrict" , if client machine don't have Antivirus McAffee.

Ok, after that i create endpoint client package, deploy it to client machine, install, and try to check, how it's work.

But.. It's not work..

What i have now:

Endpoint Client connect to CP by VPN (it's work!)

Client had check for compliance (for enabled blades). After i see, that client not compliante, because don't have McAffee AV. And after 5 minutes (5 heartbeat * 60 seconds), client change state to Restricted.

But!

Client still has access to internal network!! And after 5 minutes and after 10 minutes and so on

Nobody change, the internal network remains available.

What i did incorrectly?

I check documectation , and found that (in Harmony Endpoint Administration guide https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...)

• Restricted state rule is enforced when an endpoint computer is not in compliance with the enterprise security requirements. In this state, you usually choose to prevent users from accessing some, if not all, network resources. You can define a Restricted policy for only some of the Endpoint Security components

Where Compliance don't have Restricted actions.

Is this mean, that Restricted Action don't work for Compliance Rules??

I hope somebody can explain me, how it work..