Monitoring Compliance States

Monitor the compliance state of computers in your environment from:

  1. Click Asset Management > Computers.

  2. Select the Compliance view in the Columns profile selector in your toolbar.

These compliance states are used in the Security Overview and ComplianceClosed Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration. reports:

  • Compliant - The computer meets all compliance requirements.

  • About to be restricted - The computer is not compliant and will be restricted if steps are not done to make it compliant. See "About to be Restricted" State.

  • Restricted - The computer is not compliant and has restricted access to network resources.

  • N/A – Compliance policy is not applicable for the computer.

  • Warn - The computer is not compliant but the user can continue to access network resources. Do the steps necessary to make the computer compliant.

  • Not Running – Compliance policy is not running on the computer.

  • Unknown – Compliance status is unknown.

  • Not Installed – Compliance policy is not installed on the computer.

The endpoint computer Compliance state is updated at each heartbeatClosed Endpoint clients send "heartbeat" messages to the Endpoint Security Management Server to check the connectivity status and report updates.. The heartbeat interval also controls the time that an endpoint client is in the About to be restricted state before it is restricted.

It is possible to create restricted policies that will automatically be enforced once the endpoint client enters a restricted state

"About to be Restricted" State

The About to be restricted state sends users one last warning and gives an opportunity to immediately correct compliance issues before an endpoint computer is restricted.

The formula for converting the specified time period to minutes is:
<number of heartbeats > * <heartbeat interval (in seconds)> * 60.