Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sergey_Anikeev
Contributor

SVC logs

Colleagues, hello!
Can you tell me, if it is possible to see the failed test SCV events in the gateway side logs?
We need "Not compliance" events on the user side to be displayed in the log server.


We use Secure Configuration Verification (SCV) for MAB VPN clients.

0 Kudos
8 Replies
G_W_Albrecht
Legend
Legend

According to sk147416 - Secure Configuration Verification (SCV) this should be possible!

CCSE CCTE SMB Specialist
0 Kudos
Sergey_Anikeev
Contributor

I have configured this SK, however, all that I see is ->1.JPG

0 Kudos
G_W_Albrecht
Legend
Legend

Sorry, i missed that you use SSL VPN (MAB) - SCV is only possible using IPSec VPN clients that enforce a Desktop policy. 

sk147416: The compliance checks is supported by Endpoint Security Client, Check Point Mobile for Windows, Full Suite version. According to Remote Access Clients for Windows 32/64-bit Administration Guide E80.72 and Higher (page 13).

CCSE CCTE SMB Specialist
0 Kudos
Sergey_Anikeev
Contributor

I apparently did not write exactly.
We use Mobile Access VPN Clients for Windows

2.JPG

0 Kudos
G_W_Albrecht
Legend
Legend

You must use the first option. EPS VPN ! SCV is only possible using IPSec VPN clients that enforce a Desktop policy. CP Mobile has no Desktop Policy (see sk73600 - Check Point Mobile fails to connect due to SCV  and  firewall policy check sk147416 - Secure Configuration Verification (SCV)).

CCSE CCTE SMB Specialist
0 Kudos
Sergey_Anikeev
Contributor

However, in this client I have a check.

1. A certain process is launched (the check was successful)

2.JPG

2. If a certain process is not found (the check was not successful):

1.JPG

Accordingly, the client either receives access via VPN or not.

0 Kudos
G_W_Albrecht
Legend
Legend

This was what i could find - i know that sk67820 lists Security Verification for Endpoint Devices also with Mobile and MAB / SNX, but sk73600 - Check Point Mobile fails to connect due to SCV firewall policy check and sk147416 - Secure Configuration Verification (SCV) state that SCV is only possible using Desktop policy. So better ask TAC !

CCSE CCTE SMB Specialist
0 Kudos
Sergey_Anikeev
Contributor

Thank you!

0 Kudos