This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
vuhoanghoang
Explorer
‎2023-03-06 02:39 AM

File $FWDIR/conf/loca.scv don't apply to client

Hello everyone,

I have a stuck with the file scv. It use to apply compliant when VPN. 

My topology include 1 gateway checkpoint (IP x.16), 1 endpoint security managment (IP x. 30). It all version r81.10. Smartdashboard (network management) setup on endpoint security managment and add gateway by SIC. Getway don't have API (only use for firewall, vpn)
After i modify file scv, i go to smartdasboard to apply policy. The client still don't apply new compliant. 

I go back SMS to foler $FWDIR/state/local/PS

The file local.svc not change, that should be copy from /conf/local.scv to there. 

Could you advise to me how to troubleshoot it? Logs of smartdashboard don't show anything. 

Labels
0 Kudos
5 Replies
the_rock
Legend
Legend
‎2023-03-06 06:51 AM

Do you see anything useful if you generate logs from the vpn client itself as per below? This is once you right click on the vpn client tray -> vpn options 

Andy

Screenshot_1.png

 

vuhoanghoang
Explorer
‎2023-03-06 07:22 AM
In response to the_rock

thanks @the_rock , i'm check it.

Do you know how to view logs of compliance when user connect vpn successful. Such as, know who use connect vpn and have compliance with antivirus. 

the_rock
Legend
Legend
‎2023-03-06 07:45 AM
In response to vuhoanghoang

You can do below filter in the logs. I dont see specific one for SCV.

blade:VPN

Andy

0 Kudos
AndreiR
Employee
Employee
‎2023-03-10 07:12 AM

According to Configuring SCV Enforcement (checkpoint.com) from Admin guide, 

Important - SCV does not work without the Desktop policy. See Configuring a Desktop Firewall Policy

Make sure you have enabled Desktop Policy and Policy Server for IPsec VPN blade.

0 Kudos
girisht
Employee
Employee
‎2023-03-24 03:35 AM

Have you validated the sk38702 - How to enforce a Check Point SCV (Secure Configuration Verification) check using the local...?

Kindly validate the changes that need to be on under the smart console and changes pushed by the MGMT server to the gateway post editing the local.scv file.

You can also create rules like "Any -Any" under the desktop policy.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top