Compliance Check

The Mobile Access Software Blade lets you use the Endpoint Security on Demand feature to create compliance policies and add more security to the network. Mobile devices and computers are scanned one time to make sure that they are compliant before they can connect to the network.

The compliance scanner is installed on mobile devices and computers with ActiveX (for Internet Explorer on Windows) or Java. The scan starts when the Internet browser tries to open the Mobile Access Portal.

Compliance Policy Rules

The compliance policy is composed of different types of rules. You can configure the security and compliance settings for each rule or use the default settings.

These are the rules for a compliance policy:

• Windows security - Microsoft Windows hotfixes, patches and Service Packs.
• Anti-Spyware protection - Anti-Spyware software.
• Anti-Virus protection - Anti-Virus software version and virus signature files.
• Firewall - Personal firewall software.
• Spyware scan - Action that is done for different types of spyware.
• Custom - Compliance rules for your organization, for example: applications, files, and registry keys.
• OR group - A group of the above rules. An endpoint computer is compliant if it meets one of the rules in the group.

Creating a Compliance Policy

By default, Endpoint Security on Demand only allows endpoint computers that are compliant with the compliance policy log in to the Mobile Access portal.

To create a compliance policy:

1. In SmartConsole, go to Manage & Settings > Blades.
2. In the Mobile Access section, click Configure in SmartDashboard.
3. In the Mobile Access tab, select Endpoint Security on Demand > Endpoint Compliance.
4. Click Edit policies.

   The Policies window opens.

5. Click New Policy.

   The Policies > New Policy window opens.

6. Enter the Name and Description for the policy.
7. Click Add.

   The Add Enforcement Rules window opens.

8. Select rules for the policy.

   You can also create new rules - click New Rule, and configure the rule settings.

9. Click OK.

   The Policies > New Policy window shows the rules for the policy.

10. Select Bypass spyware scan if necessary.

    When selected, the scan for endpoint computers that are compliant with the Anti-Virus or Anti-Spyware settings is changed. These computers do not scan for spyware when they connect to a Mobile Access Security Gateway.

11. Click OK.

    The Policies window opens.

12. Click OK.

Configuring Compliance Settings for a Security Gateway

The Firewall on a Mobile Access Security Gateway only allows access to endpoint computers that are compliant with the compliance policy.

This procedure shows how to configure the Laptop Computer policy for a Security Gateway.

To configure the compliance settings:

1. In SmartConsole, go to Manage & Settings > Blades.
2. In the Mobile Access section, click Configure in SmartDashboard.
3. In the Mobile Access tab, select Endpoint Security on Demand > Endpoint Compliance.
4. Select the Security Gateway and click Edit.

   The Endpoint Compliance page of the Security Gateway properties window opens.

5. Select Scan endpoint machine when user connects.
6. Select Threshold policy and from the drop-down menu select Laptop Computer.
7. Click OK.
8. Install the policy on the Mobile Access Security Gateway.

Secure Workspace

Secure Workspace is a security solution that allows remote users to connect to enterprise network resources safely and securely. The Secure Workspace virtual workspace provides a secure environment on endpoint computers that is segregated from the "real" workspace. Users can only send data from this secure environment through the Mobile Access portal. Secure Workspace users can only access permitted applications, files, and other resources from the virtual workspace.

Secure Workspace creates an encrypted folder on the computer called My Secured Documents and can be accessed from the virtual desktop. This folder contains temporary user files. When the session terminates, Secure Workspace deletes this folder and all other session data.

For more about configuring Secure Workspace, see the R80.10 Mobile Access Administration Guide.

To enable Secure Workspace on a Mobile Access Security Gateway:

1. In SmartConsole, go to Manage & Settings > Blades.
2. In the Mobile Access section, click Configure in SmartDashboard.
3. In the Mobile Access tab, click Endpoint Security on Demand > Secure Workspace.
4. Select the Security Gateway and click Edit.

   The Check Point Secure Workspace page of the Security Gateway properties window opens.

5. Select This gateway supports access to applications from within Check Point Secure Workspace.
6. Click OK and then install the policy.

To Learn More About Mobile Access

To learn more about Mobile Access VPN, see the R80.10 Mobile Access Administration Guide.