This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alex-
Leader Leader
Leader
‎2024-03-31 03:46 PM

Connection Awareness

According to the documentation, we can configure a ping to a destination or HTTP/S GET done every 30 seconds.

 

We looked at this feature for a fully segmented network behind a Quantum cluster doing the full Threat Prevention policing already.

We want to adjust some settings to avoid redundant use on some blades and extra processing time for users, for this we are looking at a connected/disconnected policy.

 

Here are the challenges we found:

  • The documentation doesn't speak much about ICMP behaviour, what is the frequency of pings and when is the system considered to be disconnected or connected again
  • For users behind VPN using split-tunnelling, we need some extra configuration like blocking ping to the inside destination in the firewall policy which looks a bit like a DIY approach
  • For our larger deployments with hundreds of endpoints, we are creating a sort of DDOS setup to an inside system
  • The client says Online when it can reach Internet but it's not clear for end-users or administrator if we are operating in connected or disconnected mode and its tracking
  • We need to set up at least two destinations to avoid having all clients to switch to disconnected should for instance the probed system require a reboot or similar which doubles the traffic.

 

Our clients would prefer a posture-based approach policy, like membership of subnet X and domain Y with DNS server being Z and assign them to a connected or disconnected status, which would then also address the situation of VPN users in split-tunneling.

4 Replies
MikeB
Advisor
‎2024-04-09 09:07 AM

you made this post in the wrong place (endpoint location). I suggest you post this in Quantum location.

0 Kudos
Alex-
Leader Leader
Leader
‎2024-04-10 12:12 AM
In response to MikeB

This post is for Harmony Endpoint Connection Awareness, I understand it wasn't directly clear from the start.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-04-09 04:02 PM

To be honest, it's not clear what the intended goal of all this is.
Can you explain?

0 Kudos
Alex-
Leader Leader
Leader
‎2024-04-09 10:37 PM
In response to PhoneBoy

This is about connected/disconnected endpoint policy mode.

We are providing complete security packages to our customers with Quantum and Harmony EpmaaS. 

The firewalls are doing full segmentation and all the blades are activated.

On Harmony Endpoint with EpmaaS, we would like to avoid running the full suite when users are in the office behind the firewall, instead a lighter version of the policy. When they're outside of the perimeter, the enhanced endpoint policy should be enforced.

However determine the connection awareness status isn't as straightforward as the documentation would imply, based on our tests and what is described in the initial post.

Connection Awareness

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events