BD86
Explorer

Need help with Harmony Endpoint VPN client...

We're new to Checkpoint and have been hyper-focused on the rest of the infrastructure build during this transition away from our old firewalls/gateways to the new Checkpoint platform. One of the last pieces of this project is the end user's VPN access. 

We're coming from Cisco ASAs and using AnyConnect. I'm struggling at the moment to wrap my head around how this whole new VPN platform really works. We had a Checkpoint engineer configure it months ago during one of our meetings but now that we're at the point where we need to start using it on a mass scale and making changes... I have a ton of questions.

It's mostly just simple stuff too that I can't seem to figure out... like, where is the password lockout policy? How do I edit it? What is the "proper" way to add a user/computer to have VPN access? How do I see how many of our licenses are currently in use? Why was our first EPS package only 50MB but the new one I just exported is 750MB? .... stuff like this.

Is there a good resource online that goes over the basics of this VPN platform?

(Note: we are only using the Remote Access VPN portion of Harmony Endpoint at this time, we aren't using the AV or other features)

0 Kudos
2 Replies
RS_Daniel
Collaborator

Hello,

What is the "proper" way to add a user/computer to have VPN access? --> AFAIK it is not controlled on a per user/PC basis; it is based on groups. By default all users can log in on the VPN. If you want to restrict this, use a specific LDAP group on the remote access community: How to restrict the MS Active Directory Authentication for remote access VPN to specific AD Groups

How do I see how many of our licenses are currently in use? --> Many options. Number 1: Easy Mobile User License Tool - Replaces "dtps lic".

Number 2 SmartConsole > Gateways and Servers > Click the gateway object > Device & License information > Remote User Tunnels.

Number 3 on CLI cpview > software blades > VPN > Remote Access Section.

Why was our first EPS package only 50MB but the new one I just exported is 750MB? --> Will let someone else answer this one.

Is there a good resource online that goes over the basics of this VPN platform? --> Admin guide:

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-...

CheckPoint for Beginners, remote access chap:

https://community.checkpoint.com/t5/custom/page/page-id/CommunityBeginnersChild?cat=9

I am sure there are many other ways to check this information; some research in the community will be helpful.

HTH.

Regards

0 Kudos
PhoneBoy
Admin

Sounds like you initially deployed a "thin" EPS client and other blades were included in the subsequent one.
However, if all you're using is Remote Access, you don't even need to do it from Endpoint Management, but you can create custom installation packages of the Remote Access VPN clients (smaller than full Endpoint install) using the VPN Configuration Utility: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

You only need to use the Endpoint management to deploy features other than Remote Access VPN.

0 Kudos