Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
vuhoanghoang
Explorer

File $FWDIR/conf/loca.scv don't apply to client

Hello everyone,

I have a stuck with the file scv. It use to apply compliant when VPN. 

My topology include 1 gateway checkpoint (IP x.16), 1 endpoint security managment (IP x. 30). It all version r81.10. Smartdashboard (network management) setup on endpoint security managment and add gateway by SIC. Getway don't have API (only use for firewall, vpn)
After i modify file scv, i go to smartdasboard to apply policy. The client still don't apply new compliant. 

I go back SMS to foler $FWDIR/state/local/PS

The file local.svc not change, that should be copy from /conf/local.scv to there. 

Could you advise to me how to troubleshoot it? Logs of smartdashboard don't show anything. 

0 Kudos
5 Replies
the_rock
Legend
Legend

Do you see anything useful if you generate logs from the vpn client itself as per below? This is once you right click on the vpn client tray -> vpn options 

Andy

Screenshot_1.png

 

vuhoanghoang
Explorer

thanks @the_rock , i'm check it.

Do you know how to view logs of compliance when user connect vpn successful. Such as, know who use connect vpn and have compliance with antivirus. 

the_rock
Legend
Legend

You can do below filter in the logs. I dont see specific one for SCV.

blade:VPN

Andy

0 Kudos
AndreiR
Employee
Employee

According to Configuring SCV Enforcement (checkpoint.com) from Admin guide, 

Important - SCV does not work without the Desktop policy. See Configuring a Desktop Firewall Policy

Make sure you have enabled Desktop Policy and Policy Server for IPsec VPN blade.

0 Kudos
girisht
Employee
Employee

Have you validated the sk38702 - How to enforce a Check Point SCV (Secure Configuration Verification) check using the local...?

Kindly validate the changes that need to be on under the smart console and changes pushed by the MGMT server to the gateway post editing the local.scv file.

You can also create rules like "Any -Any" under the desktop policy.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events