Monitoring Compliance States
Monitor the compliance state of computers in your environment from:
- The Logs tab of the SmartConsole Logs & Monitor view
- The Security Overview
- Reporting > Compliance
These compliance states are used in the Security Overview and Compliance reports:
- Compliant - The computer meets all compliance requirements.
- About to be restricted - The computer is not compliant and will be restricted if steps are not taken to make it compliant. See Configuring the "About to be Restricted" State.
- Observe - One or more of the compliance rules set as Observe is not met. Users do not know about this status and have no restrictions.
- Restricted - The computer is not compliant and has restricted access to network resources.
- Warn - The computer is not compliant but the user can continue to access network resources. Do the steps necessary to make the computer compliant.
The Heartbeat Interval
Endpoint clients send "heartbeat" messages to the Endpoint Security Management Server to check the connectivity status and report updates. The time between heartbeat messages is known as the heartbeat interval.
Note - The default heartbeat interval is 60 seconds. A shorter heartbeat interval can cause additional load on the management server. A longer heartbeat interval may lead to less up-to-date logs and reports.
The endpoint computer Compliance state is updated at each heartbeat. The heartbeat interval also controls the time that an endpoint client is in the About to be restricted state before it is restricted.
You can create restricted policies that are enforced automatically when the endpoint client enters a restricted state.
To configure the heartbeat interval and out-of-compliance settings:
- Click Manage > Endpoint Connection Settings.
  The Connection Settings Properties window opens.
- In the Connection Settings section, set the Interval between client heartbeats.
- In the Out-Of-Compliance section, configure when a client is restricted. Configure the number of heartbeats in "Client will restrict non compliant endpoint after". The default is 5 heartbeats.
- Click OK.
Configuring the "About to be Restricted" State
The About to be restricted state sends users one last warning and gives them an opportunity to immediately correct compliance issues before an endpoint computer is restricted. You can configure the period of time that a user has to correct the issues after the warning message shows.
You define this period of time in heartbeats.
To configure the time period that users have before an endpoint computer is restricted:
- Click Manage > Endpoint Connection Settings.
  The Connection Settings Properties window opens.
- In the Out of Compliance section, enter the number of heartbeats.
- Click OK.
When you configure this time period, we recommend that you give users sufficient opportunity to:
- Save their data.
- Correct the compliance issues.
- Make sure that the endpoint computer is compliant.
The formula for converting the specified time period to minutes is: <number of heartbeats> * <heartbeat interval (in seconds)> * 60.