Installing and Configuring an Endpoint Policy Server

We recommend that you use a distributed deployment that contains external Endpoint Policy Servers on dedicated computers.

• Install at least one Endpoint Policy Server Endpoint Policy Server improves performance in large environments by managing most communication with the Endpoint Security clients. Managing the Endpoint Security client communication decreases the load on the Endpoint Security Management Server, and reduces the bandwidth required between sites. The Endpoint Policy Server handles heartbeat and synchronization requests, Policy downloads, Anti-Malware updates, and Endpoint Security client logs. for each remote site.

• For larger sites, install many Endpoint Policy Servers to improve performance.

An Endpoint Policy Server is a Log Server Dedicated Check Point server that runs Check Point software to store and process logs. that you configure as an Endpoint Policy Server.

Installing an Endpoint Policy Server

To install Endpoint Policy Server, install a Log Server and configure it as Endpoint Policy Server. Use the instructions in the R80.40 Installation and Upgrade Guide

Configuring an Endpoint Policy Server

To define an Endpoint Policy Server:

1. In SmartEndpoint A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies., go to Manage > Endpoint Servers.

   The Endpoint Servers window opens.

2. Click New.

   To edit an existing server, select it from the list and click Edit.

   The Endpoint Server Wizard opens.

3. Enter the Name and IP Address.

4. Optional: Type the FQDN (Fully Qualified Domain Name) of the Endpoint Policy Server. For example, somehost.example.com

   If you specify the FQDN, the Endpoint clients use the FQDN and not the IP address to communicate with the Endpoint Policy Server. The advantage of specifying the FQDN is that if the IP address of the server changes, communication between the server and the clients is not interrupted. Another advantage is that you can use an internal non-routable, private IP address for the server (for example 10.1.2.3).

5. Select Endpoint Policy Server

6. Click Next.

7. Select an option to initiate secure trusted communication now or later:

   • Initiate trusted communication (If the servers are up and able to communicate)

     • Enter and confirm an Activation Key. You will enter this same key on the other servers.

     • Click Initialize.

   • Skip and initiate trusted communication later (If the servers are not ready to communicate)

8. Click Next.

   A warning pop-up window shows.

9. Click OK.

10. Click Finish.

    The Install Database window opens.

11. Wait for the database installation to finish.

    The Close button becomes available.