CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

First, I hope you're all well and staying safe.
Second, I want to give a "heads up" that you should see more activity here shortly, and maybe a few cosmetic changes.
I'll post more details to the "Announcements" forum soon, so be on the lookout. -E


Results 1 to 5 of 5

Thread: VPNs restricted to Endpoint Security Clients?

  1. #1
    Join Date
    Rep Power

    Default VPNs restricted to Endpoint Security Clients?

    for some weeks now we own a Enpoint Security Server and don't really like it... One problem is that you can bypass all ESS-policies by just using an "old" VPN-client like SecuRemote. In this case all VPN traffic is handled by our utm-1 gateway alone, without bothering the ESS server at all. Is there any way to restrict connections to VPN-clients from a specific version upwards?

    Thanks and kind regards,

  2. #2
    Join Date
    Rep Power

    Default Re: VPNs restricted to Endpoint Security Clients?

    Hi anjin,

    Not sure that I understanding you correctly. What do you mean that can bypass EPS policies by connecting with old securemote?
    What is the version of Enpoint Security Server that you are using?
    If this is R73 you can configure 3 types of policies:

    1. Connected -Directly connected to EPS server (Corporate policy)
    2. Disconnected - No direct connection to EPS server
    3. VPN - Connected to VPN GW

    You can configure very restrictive disconnected policy that will block all traffic to your internal resources from internet. You also can block TCP/ UDP 500 that used by securemote but not used by new endpoint connect (all VPN negotiation over 443).
    VPN policy you can configure with access to internal resources. You will get VPN policy only by connecting with VPN client integrated into EPS client and not with securemote. Playing with Program Control you can block securemote processes, however this will limit you to use only endpoint connect engine in EPS client.

    Hope this helps


  3. #3
    Join Date
    Rep Power

    Default Re: VPNs restricted to Endpoint Security Clients?

    Starting E80.41, Check Point Endpoint Security is supported on Windows 8, including new Unified Extensible Firmware Interface support (UEFI).

    In this release, we are offering four flavors of our software:

    Endpoint Security E80.41 Clients for Windows - Endpoint Security Suite for Windows, including Windows 8 support and all essential components for total security on the endpoint: Compliance, Anti-Malware, Media Encryption and Port Protection, Firewall and Application Control, Full Disk Encryption, WebCheck, and Remote Access VPN. We support upgrade from VPN Clients to the Endpoint Security Clients. This allows existing Remote Access Clients to add additional Security Blades.
    Endpoint Security VPN and Remote Access VPN E80.41 Clients for Windows - Starting from this release, Remote Access VPN Clients are part of the Endpoint Security offering, providing the next release of E75.30, including all flavors. The E75 Remote Access Clients series was previously known as Endpoint Security VPN R75.
    Endpoint Security E80.41 Client for Mac OS X - Including Firewall for desktop security, Compliance, Full Disk Encryption and VPN for transparent remote access to corporate resources.
    Endpoint Security VPN E80.41 Client for Mac OS X - Provides enhancements and resolves issue for Endpoint Security VPN for Mac E75.

  4. #4
    Join Date
    San Francisco, CA
    Rep Power

    Default Re: VPNs restricted to Endpoint Security Clients?

    Who do you mean by "we"? Check Point? Your company?

    Please go easy on the spamminess. I've sent you a private message.

    The signal-to-noise ratio here is very high; if you're just spewing marketing talk people are going to get upset and I'm going to bring out the spam hammer.
    Barry J. Stiefel ("Stee-ful" or "Shtee-ful")
    Resilience RCSE/RCSI, Fortinet FCSE
    Founder of CPUG
    Founder of CPUG University

  5. #5
    Join Date
    Gig Harbor, WA, USA
    Rep Power

    Default Re: VPNs restricted to Endpoint Security Clients?

    Just a cursory glance of this company's website suggests they have nothing to do with Check Point at all.
    Torontosecurity's response doesn't even make sense given the original question, either.
    Unless otherwise noted, views expressed are my own

Similar Threads

  1. Multiple Endpoint Connect errors with multiple clients
    By mhicks in forum SecureClient/SecuRemote
    Replies: 9
    Last Post: 2011-07-19, 11:32
  2. Endpoint Security Windows 7
    By Hugin in forum SecureClient/SecuRemote
    Replies: 0
    Last Post: 2011-02-06, 08:06
  3. ClusterXL in Unicast mode with VPNs to third party VPNs
    By ppetrovic in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 3
    Last Post: 2010-09-02, 20:14
  4. Endpoint Security
    By Lev Shturmer in forum Secure Access
    Replies: 1
    Last Post: 2009-05-05, 19:23
  5. Endpoint Security
    By CSING in forum Secure Access
    Replies: 4
    Last Post: 2008-02-22, 09:22

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts