This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
freeman91
Contributor
Tuesday

Harmony endpoint - VPN blade - pushing VPN parameter to the client

Hi,

I have around 150 deployed harmony endpoint client.

Those clients have four installed blades on them.

Those blades are Anti-Malware, Anti-Bot, Forensics, and Threat Extraction and Emulation.

For 15 clients, I need to install an additional blade called VPN.

For those 15 clients, I need to push the VPN parameters via Push operation.

In my research about  push operations, I found that when I click on push operations, then click on add, and choose what I want to push, meaning agent settings, I select the VPN site, and then choose the device on which I will perform the installation, and I pick all the necessary VPN parameters, such as the gateway name, the IP address, the fingerprint, and everything else, those settings are not pushed to the client side.

They are actually pushed, but within the installed VPN blade on the client side, those parameters are not visible. In other words, on the client side, the client has to manually enter the IP address, which is something I don’t want.
I want the IP address to already be entered just as I set it through the push operation.
 
am I doing somthing wrong?
 
0 Kudos
8 Replies
PhoneBoy
Admin
Admin
Wednesday

What version of client and is this managed on-prem (if so, by what version/JHF) or is this Infinity Portal?
Have you also reviewed: https://support.checkpoint.com/results/sk/sk179798 

0 Kudos
freeman91
Contributor
Thursday
In response to PhoneBoy

It is on  Infinity Portal. 

88.72.2001

Status of Push command is succesful, but on client side, clinet vpn does not get parameters that I fill in via Push command.

He needs to enter the manualy, and I do not like it.
Is this normal behavior or?

 

Screenshot_2.png

0 Kudos
PhoneBoy
Admin
Admin
Thursday
In response to freeman91

What does C:\ProgramData\CheckPoint\Logs\DAF\idafserver.log have to say on a client where you pushed?
Most likely TAC will be needed to assist with this.

0 Kudos
freeman91
Contributor
Thursday
In response to PhoneBoy

It is like 90k line of logs. Can you be more specific what to search for?

0 Kudos
PhoneBoy
Admin
Admin
Thursday
In response to freeman91

I don't know what exactly is in this file, but this is where the SK I pointed to previously said to look if a Push operation didn't work.
Best bet is to engage TAC.

0 Kudos
the_rock
Legend
Legend
Thursday
In response to freeman91

Not an endpoint expert by any means, but to me, that does not sound right/normal. Is it same for ANY endpoint machine?

Andy

0 Kudos
freeman91
Contributor
Thursday
In response to the_rock

for now, 4/4

non of them had VPN blade before

non of them received vpn parameters after push command.

but only after push operation, thay are able to manualy add or remove vpn sites. 
Even if I enable VPN, they was unable to enter them manualy until I push paratmeter to them.

0 Kudos
the_rock
Legend
Legend
Thursday
In response to freeman91

I dont know my friend, maybe TAC can check it? 

Izvini, nemam vise ideja lol

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events