RAlexander
Explorer

Secure Configuration Verification

Hello
Tell me how to correctly add the item about checking whether the device is in the domain or not to the Secure Configuration Verification file?
I have it now and when I start the VPN it skips any device (below are two screenshots), the first is the parameters for checking whether the device is in the domain, the second is the parameters for checking and global parameters.
I do all the settings through the terminal on the gateway, in the vi editor, so that nothing goes.
And tell me, can there be only one policy file?
If so, is it possible that several criteria for verification are set in one file?
What's the point, in my organization there are several options for connecting to a VPN, from corporate devices and from personal devices to a VPN, so the result should be the following:
1. The vpn-users, vtn-term, vpn-route, vpn-constructors group should be checked.
2. If the user has a vpn-users group, then we check whether the computer is a domain computer or not; if it is a domain computer, it is allowed; if the computer is not a domain computer, we do not let it in.
3. If the user has a vpn-term group, vpn-routes, vpn-constractors, then the domain computer is checked or not, if the domain computer is not allowed, if the computer is not a domain computer, we check the Windows, antivirus and the relevance of the antivirus database. If there is at least one discrepancy, we do not let him in.
All groups and users are domain-specific.


Accepted Solutions
PhoneBoy
Admin

Did you install policy after making changes as described here? https://support.checkpoint.com/results/sk/sk38702
SCV policy applies to all users equally, I believe.
Don't believe you can make specific policies for specific groups of users.
For more granular options, I suspect you'll have to use Endpoint Compliance features.

RAlexander
Explorer

Thanks for the answer.
Everything worked out.
I was inattentive and edited the policy on the gateway, not on the SMS.
But there is still a question about implementing my scenario. You are saying to use Endpoint Compliance; is this when choosing Endpoint instead of Mobile when installing the agent?

PhoneBoy
Admin

For the client piece, yes.
To use/manage such features, you need Harmony Endpoint and the appropriate licenses.

the_rock
Legend

Definitely Harmony Endpoint, as PhoneBoy said. It's way more robust and has a bunch more features.
