How do Endpoint Policy Servers Work?
External Endpoint Policy Servers decrease the load of the Endpoint Security Management Server and reduce the bandwidth required between sites. By default, the Endpoint Security Management Server also acts as an Endpoint Policy Server, in addition to the other Endpoint Policy Servers. The work of communication with the Endpoint Security clients is distributed among all of them.
The Endpoint Policy Servers are located between the Endpoint Security clients and the Endpoint Security Management Server. For most tasks, Endpoint Security clients communicate with the Endpoint Policy Servers and the Endpoint Policy Servers communicate with the Endpoint Security Management Server.
If there are multiple Endpoint Policy Servers in an environment, each Endpoint Security client does an analysis to find which Endpoint Policy Server is "closest" (will be fastest for communication) and automatically communicates with that server.
| Item | Description |
|---|---|
| 1 | Active Directory Domains |
| 2 | Endpoint Security Management Server |
| 3 | External Endpoint Policy Server |
| 4 | Enterprise workstations with Endpoint Security clients installed |
The Endpoint Policy Server handles the most frequent and bandwidth-consuming communication. The Endpoint Policy Server handles these requests without forwarding them to the Endpoint Security Management Server:
- All heartbeat and synchronization requests.
- Policy downloads
- All Endpoint Security client logs (the Endpoint Policy Server is configured as Log Server by default).
The Endpoint Policy Server sends this data to the Endpoint Security Management Server:
- All component-specific messages (which require information to be stored in the database). For example, Full Disk Encryption recovery data.
- Monitoring data. This includes the connection state and other monitoring data for connected clients.
- Policy Server generated messages.