Local Deployment Options

When you use Automatic Deployment, you can configure clients to use local storage to upgrade Endpoint Security clients. This lets administrators use Automatic Deployment, without the need for each Endpoint Security client to download a package from the Endpoint Security Management Server A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data..

To set up such a deployment, you must:

• Upload the packages to the Endpoint Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

• Create a Deployment rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. with the package version selected.

• Configure a Common Client Settings rule to allow deployment from local paths or URLs.

• Upload the packages to the defined local storage paths or URLs.

This is only supported on Windows clients.

Note: If local deployment is enabled for a client, the administrator can still choose whether clients try to download packages from the Endpoint Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. if packages are not found in local storage. This option is called: Enable Deployment from server when no MSI was found in local paths.

To enable Deployment with a locally stored package:

1. Upload each package to the Package Repository of the Endpoint Security Management Server.

2. Put the same packages in local storage location on client computers, for example C:\TEMP\EPS\32bit\EPS.msi.

3. Go to the Policy tab of SmartEndpoint A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies. > Client Settings rule.

4. In the Deployment Locations action, select Enable deployments from local paths or URLs. You can also Clone the action.

5. Double-click the action.

   The Deployment Locations window opens.

6. Make sure that Allow to install software deployment packages from? is selected.

7. Optional: Select Enable Deployment from Server when no MSI was found in local paths or URLs. When selected, if no MSI file is in the local paths or URLs, the client checks the Endpoint Security Management Server for packages.

8. Click Add item and select the Package Location to add paths for packages located on client computers. Select if each package is for 32 bit or 64 bit computers.

9. Click OK.

10. In the Deployment tab, create or edit a Deployment rule to use the package Version and assign it to computers.

11. Click Save.

12. Install Policy to deploy the rule to clients.

    Note - If the version of the Endpoint Security client in the Deployment rule and in the local file path is not the same, the client is not deployed.

If the version on the server and in the local file path are not the same, an error shows.