Check Point HARMONY R81 - The Heartbeat Interval; SHA-256 Certificate Support; Tlsv1.2 Support

451 pages

Save Page as PDF

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

Endpoint Security Server and Client Communication

R81 Harmony Endpoint Server Administration Guide|28

The Heartbeat Interval

Endpoint clients send "heartbeat" messages to the Endpoint Security Management Server to

check the connectivity status and report updates. The time between heartbeat messages is

known as the

heartbeat interval.

Note - The default heartbeat interval is 60 seconds.

A shorter heartbeat interval can cause additional load on the management. A longer

heartbeat interval may lead to less up-to-date logs and reports.

The endpoint computer Compliance state is updated at each heartbeat. The heartbeat interval

also controls the time that an endpoint client is in the About to be restricted state before it is

restricted.

It is possible to create restricted policies that will automatically be enforced once the endpoint

client enters a restricted state

To configure the heartbeat interval and out-of-compliance settings:

1. Click Manage > Endpoint Connection Settings.

The Connection Settings Properties window opens.

2. In the Connection Settings section, set the Interval between client heartbeats.

3. In the Out-Of-Compliance section, configure when a client is restricted. Configure the

number of heartbeats in Client will restrict non compliant endpoint after. The default is

5 heartbeats.

4. Click OK.

SHA-256 Certificate Support

For R80 and higher clean installations, the management certificate is encrypted with SHA-256

encryption by default. In R77.X and lower environments, or upgrades from those versions,

SHA-256 is not supported for the Root CA. You can use SHA-256 for renewed certificates after

the previous certificate expires. See sk103840 for more information.

To configure a renewed certificate to use SHA-256:

On the Endpoint Security Management Server, run: cpca_client set_sign_hash

sha256

After the management certificate expires, the renewed certificate will be signed with SHA-256

encryption.

TLSv1.2 Support

By default, the Endpoint Security servers in this release support TLSv1.2 and TLSv1 for

communication between clients and servers.

Table of Contents

Related product manuals

Preview: Check Point L-71

Check Point L-71

Check Point 6700

Preview: Check Point UTM-1 U-5

Check Point UTM-1 U-5

Preview: Check Point UTM-1 Edge

Check Point UTM-1 Edge

Preview: Check Point 6000 Series

Check Point 6000 Series

Preview: Check Point Smart-1 205

Check Point Smart-1 205

Preview: Check Point Smart-1 625

Check Point Smart-1 625

Preview: Check Point Smart-1 225

Check Point Smart-1 225

Preview: Check Point Smart-1 5050

Check Point Smart-1 5050

Preview: Check Point QUANTUM SPARK 1530

Check Point QUANTUM SPARK 1530

Preview: Quantum SMART-1 600-M

Quantum SMART-1 600-M

Preview: QUANTUM SMART-1 6000-L/6000-XL

QUANTUM SMART-1 6000-L/6000-XL