- CheckMates
- :
- Products
- :
- Quantum
- :
- Remote Access VPN
- :
- Re: CheckMate Labs Issues
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CheckMate Labs Issues
Hello!
I'm new to checkpoint world and I loved CheckMate labs, thanks. I would like to ask a few questions as a beginner and maybe point two bugs that I noticed.
Bug 1) The site claims Note that in 4 hours the environment will shut down. You will get a notification to extend the environment time, from this page, an hour before the it shut down. - however I never saw this notification to extend the environment period. I'm using Chrome. Is this feature still available? I also checked my email to see if the notification arrived, but just when the lab is created or deleted.
Bug 2) I followed the documentation for R80.40 CheckMate labs called Mobile Access Blade & VPN Client Lab - at page 36 it says to use win-dc as primary DNS server however it fails with an error "The value must be in the range 2 - 32767". I double checked and the hostname is configured with the proper IP. Is it a bug maybe?
Question) My interest is in the VPN service that I was able to replicate. I used with an workstation running the last Check Point Endpoint security client and it connects fine. I want to configure to test secure client verification to validate for example if my antivirus is running and my machine is on my domain. I saw compliance options inside Mobile Web Access, at the rules dashboard there is a link to open a new dashboard that allows me to create a new rule or edit the 3 defaults (high, medium and low), however it never runs on my client. I searched and my guess is that it only works with mobile vpn client and not Check Point Endpoint Security (that if I understood properly is stronger -so I prefer use it to test). I found this article (https://namitguy.blogspot.com/2020/04/implementing-secure-client-verification.html) suggesting that I have to enable a special feature at Remote access -> Secure Configuration Verification. However I don't see it on the CheckMate labs. Maybe is it a feature on old version? Doesn't exist anymore?
Also, it says to enable IPSEC and Policy Server feature, and than a policy named desktop security. All fine, except that the rules at desktop security appears to be related with inbound and outbound rules and not process checks for example. What am I missing?
Also, once it's enable the only way to create the rules is editing the file mentioned with vi (command-line)?
The official pdf looks more or less the same https://community.checkpoint.com/t5/Remote-Access-VPN/White-Paper-Check-Point-Compliance-Checking-wi...
I could not find, is there any command (command line) to verify if secure client verification is enabled and my checkpoint is using the current local.csv file?
I'm sure I'm doing something wrong. 😞
- Labels:
-
Mobile Access Blade
-
Windows
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I saw your other thread on SCV and responded to those issues there.
For the CheckMates Labs, a few things:
- These are the same blueprints that our employees and partners have access to with a couple differences:
- The time is shorter (3 hours, I believe)
- You cannot extend them (behavior is by design)
- For the other issue, can you provide a screenshot or similar?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hey @PhoneBoy thank you for your answer
I understood about CheckMates Labs... as I'm a new student sometimes 3 hours is not enough and I have to reconfigure all again to continue from where I stopped. Is there a easy way to replicate my previous config when my 3 hours finish?
My question about SCV was not very clear and i'm sorry about it. I was able to test it, my main question is that i understand that Mac computers are not validated and it's fine, but I cant deny them to log on my VPN which make these SCV validation easy to bypass. How can I enforce that only Windows clients are allowed to log into my vpn?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Shay_Levin can you please look into this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your help @_Val_! Vert appreciated
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am getting "Environment not available" error while accessing checkpoint LABs