You can get the secureclient package tool doc from
checkpoint website. Package tool is available for NG
FP3 and AI
Wayne
--- "Brett, Gary" <garybrett AT HALIFAXCETELEM DOT COM>
wrote:
> Thanks, do you know of any docs/whitepapers that
> explain how to use the
> SecureClient Packaging tool ?? and also, is this
> function available for NG
> FP3 ??? or is it an AI feature?
>
> -----Original Message-----
> From: Ray Pesek [mailto:sixsigma44 AT HOTMAIL DOT COM]
> Sent: 31 March 2004 17:47
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] SecureClient - Blocking web
> browsing
>
>
> 1. Use the SecureClient Packaging Tool on the
> management station to create a
> customized build of SecureClient. Select the options
> that do not allow them
> to unload the policy or shut down SecureClient.
> Allow DHCP to work even if
> the policy does not allow it.
>
> 2. Use SCV so they cannot connect to the internal
> network unless the policy
> is loaded.
>
> 3. Implement an Outbound desktop rule like so:
>
> Source: AllUsers@any
> Destination: any
> Service: any
> Action: drop
>
> This will cause one big issue. The "AllUsers@any"
> rules are the desktop
> security policy that is in effect when they are NOT
> VPNed in. Some hotel
> broadband systems, notably STSN, require that a
> browser outbound connection
> come from the laptop. They then intercept the call
> and pop up their own page
> that you have to click a button on to get Internet
> access.
>
> No clicky, no Internet. No browser outbound, no STSN
> page, no Internet, no
> VPN connection. Kind of a chicken-or-egg thing. If
> you have a forced browser
> home page, you could create an outbound rule to
> allow HTTP to it, even if it
> is unreachable from the Internet. This is enough to
> trip the STSN page.
>
> Ray
>
>
> >From: "Brett, Gary" <garybrett AT HALIFAXCETELEM DOT COM>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> >Subject: [FW-1] SecureClient - Blocking web
> browsing
> >Date: Wed, 31 Mar 2004 13:07:32 +0100
> >
> >Dear all
> >
> >I am implementing secure client for all remote
> users, but as my test bed
> >has
> >highlighted there are concerns over the users
> connecting to the internet
> >and
> >not using the VPN, i.e. for non work related
> reasons and installing all
> >types of goodies from the net on their laptops.
> Does anybody know of a way
> >I
> >can set it up so that when connecting to the net,
> it always and only
> >connects to the firewall hence not giving them the
> ability to browse the
> >web
> >at all? Unfortunately for me, my users are quite PC
> literate and as such
> >this method would have to be put in place with no
> workaround (well, no
> >obvious one at least). I am quite willing to look
> at reg hacks to lock the
> >OS down, but I don't know if they'll solve my
> problem
> >
> >
> >any help would be greatly appreciated
> >
> >regards
> >Gary
> >This electronic message contains information from
> Halifax Cetelem Credit
> >Ltd
> >which may be privileged or confidential. The
> information is intended to be
> >for the use of the individual(s) or entity named
> above. If you are not the
> >intended recipient be aware that any disclosure,
> copying, distribution or
> >use of the contents of this information is
> prohibited. If you have received
> >this electronic message in error, please notify us
> by telephone or email
> >(to
> >the numbers or address above) immediately.
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >fw-1-owner AT ts.checkpoint DOT com
> >=================================================
>
>
_________________________________________________________________
> MSN Toolbar provides one-click access to Hotmail
> from any Web page - FREE
> download!
> http://toolbar.msn.com/go/onm00200413ave/direct/01/
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
> This electronic message contains information from
> Halifax Cetelem Credit Ltd
> which may be privileged or confidential. The
> information is intended to be
> for the use of the individual(s) or entity named
> above. If you are not the
> intended recipient be aware that any disclosure,
> copying, distribution or
> use of the contents of this information is
> prohibited. If you have received
> this electronic message in error, please notify us
> by telephone or email (to
> the numbers or address above) immediately.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
