This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
StevePearson
Collaborator
4 weeks ago
Jump to solution

Remote access requirements

I have a site that is using the Remote Access VPN client to connect to a Spark 1600 cluster.

As part of some improvements, they what to manage the cluster with Smart-1 Cloud and report using SmartEvent, which doesn't appear to be a problem, but they also want to start doing checks on connecting remote users to ensure that the endpoint is running a supported OS, latest updates and that they have endpoint protection installed and up to date. (third party endpoint that they are not looking to change)

It's been suggested to use SCV, which I believe will require CPEP-Access licenses on the management server, but I can't find out if Smart-1 Cloud actually supports SCV!

Can anyone confirm this at all (either way), or suggest a different way to do this?

I had wondered about using the Endpoint Prevent client, turning off everything but the VPN blade and adding the Posture management Add-on. Probably over the top but it would have the added advantage of being able to manage and update the clients remotely as apposed to the manual upgrading of the Remote Access VPN client.

Another option may be to drop the VPN client entirely and use SASE instead, but again may be over the top.

0 Kudos
1 Solution

Accepted Solutions
the_rock
MVP Platinum
MVP Platinum
4 weeks ago
Jump to solution

Sounds like harmony endpoint would be needed here.

Andy

Best,
Andy

View solution in original post

4 Replies
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
4 weeks ago
Jump to solution

SCV is not supported with Spark appliances, regardless of management platform. 

the_rock
MVP Platinum
MVP Platinum
4 weeks ago
Jump to solution

Sounds like harmony endpoint would be needed here.

Andy

Best,
Andy
the_rock
MVP Platinum
MVP Platinum
4 weeks ago
In response to the_rock
Jump to solution

@StevePearson  You may want to check with TAC if there is another way...see what they say.

Andy

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
3 weeks ago
Jump to solution

It's not explicitly listed in the Smart-1 Cloud Known Limitations.
The main issue with SCV is that you have to modify files on the management.
Which means it will require TAC assistance to apply these changes.

Note that if you're using a SAML Provider as your authentication source, you can implement compliance checks in the Identity Provider.
Also, if you're using the CPEP-ACCESS licenses, you have access to the Endpoint Compliance and Firewall features of Harmony Endpoint.
This doesn't require using SCV or installing the full Harmony Endpoint client, just the standalone client (pick Endpoint Security VPN "flavor").

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events