Silver

Endpoint Connect VPN Compliance and scanning for Spyware

Hi there,

I wanted to enable basic compliance/posture check for Remote Access VPN clients connecting to my firewall. These clients are Office mode users and not SNX.

I guess, and per my understanding, I don't need to have any licenses since I have already purchased 50 user Endpoint VPN/Office Mode licenses. So enabling "Scan Endpoint for spyware and compliance" in Global Properties -> Remote Access -> Endpoint Connect and defining policies should suffice for my needs.

Or do I need to activate any other settings to have these settings enforced for the users?

Please confirm.

 

TIA

Blason R

0 Kudos
9 Replies
Admin

I believe that should suffice here.
However, that will only work if the endpoints have the full Endpoint client installed (as opposed to Check Point Mobile or SecuRemote).
0 Kudos

To use mobile access compliance, you need to enter via web sslvpn only. In other words, you cannot apply a compliance policy or Secure WorkSpace with the VPN client for Windows.

0 Kudos

If you enter Global Properties/Remote Access/Endpoint Connect:

This feature only applies to Check Point GO clients.

I have tested it by activating it for Endpoint Security and Mobile Client for Windows and it does not work.

0 Kudos
Admin

There is a separate Compliance framework for Endpoint VPN clients managed by an Endpoint Security Server.
That does require appropriate licensing.
0 Kudos
Silver

Hello,

So to clear up the confusion - ESOD for the Mobile Access Blade will not work for the Endpoint Client? And then there is a separate solution for the Endpoint Client to maintain compliance? Can I know what that solution is, so that we can evaluate it in our lab?

 

TIA 

Blason R

 

0 Kudos
Admin

Yes, ESOD is for Mobile Access Blade and NOT for Endpoint Client.
The Endpoint version of this is called Compliance Blade.
You can read about it here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos
Silver

Oh! This is EPM, so to achieve this we need to have EPM licenses as well for Endpoint VPN clients connecting from home using Office Mode?

 

0 Kudos
Admin

Correct.
The other option is to use SCV which can be distributed from the Security Gateway but uses a different mechanism.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
0 Kudos

But ESOD Mobile is only for mobile SSL web, not for the Windows client.

  • Client-based - Client application installed on endpoint computers and devices. Clients are usually installed on a managed device, such as a company-owned computer. The client supplies access to most types of corporate resources according to the access privileges of the user.
  • Clientless - Users connect through a web browser and use HTTPS connections. Clientless solutions usually supply access to web-based corporate resources.
  • On demand client - Users connect through a web browser and a client is installed when necessary. The client supplies access to most types of corporate resources according to the access privileges of the user.
0 Kudos