Firewall-1

Re: [FW-1] SCV questions

Subject: Re: [FW-1] SCV questions
From: Joe Pope <POPEJ AT WESTAT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 22 Jul 2004 11:05:00 -0400
I would suggest backing up your present C:\winnt\fw1\NG\conf\local.scv
(in case the local.scv gets corrupted!) and then insert your new local.scv
file.  Then you have to install the policy.  If you get an error that the
local.scv is corrupt, you can fall back on the original file.

I am not using a Nokia, but two SecurePlatforms (clustered) and two Win 2000
management stations.  I only update my local.scv file on my primary
management station and install the policy.  The new local.scv is pushed
automatically to my secondary management station. I have never had any
problems "syncing" the local.scv on other servers.

I would try a test with an SCV you know a SecureClient will fail and see if
it works.  The only problem I have had (R55 HFA03) is erratic logging for
SCV failures (sometimes it logs an alert, other times nothing is logged).

I have found that you must be very careful with the format of local.scv; it
is easy to corrupt the file.  I always make a backup of the running
local.scv file before editing, just in case.


Joe
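
The backup, swap and fall-back routine described above, as an added example that is not part of the original thread or any Check Point tooling. The structural check (balanced parentheses outside quoted strings, plus the three top-level set names) is an assumption about the file layout, the sample text is constructed, and the policy install itself is still done from the management GUI.

```python
import shutil
import time
from pathlib import Path

# Assumed top-level set names; not stated anywhere in the thread.
REQUIRED_SETS = (":SCVNames", ":SCVPolicy", ":SCVGlobalParams")

# Constructed sample, only to exercise the check (not a working SCV policy).
SAMPLE = """(SCVObject
  :SCVNames ( : (demo_check :type (plugin)) )
  :SCVPolicy ( : (demo_check) )
  :SCVGlobalParams ( :demo_message ("update AV (see helpdesk)") )
)
"""

def structural_problems(text):
    """Return a list of structural problems; an empty list means none found."""
    problems, depth = [], 0
    for lineno, line in enumerate(text.splitlines(), 1):
        in_quote = False  # assumption: quoted strings never span lines
        for ch in line:
            if ch == '"':
                in_quote = not in_quote
            elif ch == "(" and not in_quote:
                depth += 1
            elif ch == ")" and not in_quote:
                depth -= 1
                if depth < 0:
                    problems.append(f"line {lineno}: ')' has no matching '('")
                    depth = 0
        if in_quote:
            problems.append(f"line {lineno}: unterminated quoted string")
    if depth:
        problems.append(f"{depth} '(' never closed")
    return problems + [f"missing {s}" for s in REQUIRED_SETS if s not in text]

def replace_with_backup(live, candidate):
    """Validate candidate, save a timestamped copy of live, then swap it in."""
    live, candidate = Path(live), Path(candidate)
    problems = structural_problems(candidate.read_text())
    if problems:
        raise ValueError("candidate rejected: " + "; ".join(problems))
    backup = live.with_name(f"{live.name}.{time.strftime('%Y%m%d-%H%M%S')}.bak")
    shutil.copy2(live, backup)
    shutil.copy2(candidate, live)
    return backup

def roll_back(live, backup):
    """Restore the saved copy if policy install reports a corrupt local.scv."""
    shutil.copy2(backup, live)
```

Call replace_with_backup() with the path to the running local.scv and the edited copy, keep the returned backup path, and pass it to roll_back() if the policy install complains.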

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Brett, 
Gary
Sent: Thursday, July 22, 2004 8:13 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SCV questions


Thanks for that, but may I ask: $FWDIR/conf on my management station
(c:\winnt\fw1\NG\conf) already has a local.scv file that is 6kb. I presume
this is the default file that is created upon installation. Do I replace
this file completely with the McAfee one (which incidentally is a lot
smaller), or do I have to integrate the code from McAfee into the already
present file?

Secondly, I searched my primary Nokia IP350 for local.scv and it produced
the 4 locations below. Which one of these does it push out to, or will it
push to all 4?

# find / -name local.scv

/var/opt/CPfw1-50-03/conf/local.scv
/var/opt/CPfw1-50-03/state/local/PS/local.scv
/var/opt/CPfw1-50-03/state/wallington/PS/local.scv
/opt/CPfw1-50-03/policy/local.scv

Thanks
Gary


-----Original Message-----
From: Hendriks, D. [mailto:D.Hendriks AT INFO.UMCN DOT NL]
Sent: 21 July 2004 19:41
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SCV questions

Some answers:

>2) Due to my Nokia HA solution (2 IP350's and a management box), where
>exactly do I put the configured local.scv file? Does it go on both Nokias?
>If so, in which location? Or does it reside only on the management box?

Put it in the $FWDIR/conf on the management module.
Upon the installation of the Desktop Policy it gets pushed to the FW
modules.

>3) What do I need to do in Smart Dashboard? The only thing I can find
>is to enable SCV in global properties > remote access > secure
>configuration verification. I have ticked all 5 checkboxes. Is there
>anything I need to do in the rulebases or anywhere else?

You need the policy server.

>4) One more question: if I enable SCV in the dashboard and install the
>policy, will it just ignore the setting if no local.scv files are present?
>I was just concerned that I've enabled SCV checking in the GUI and as yet
>I've not configured a local.scv file, but all of my SecureClient connections
>are getting in fine. Is this normal? Will it only kick in when I create
>the local.scv file?

What isn't there can't be checked....;-)

Hope this helps,

Dion

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================