1. If SecureClient is offline, should it block incoming connections that
are not accepted by the policy? Or should the policy work only if the VPN
connection is on?

There are two policies: the one while connected and the "default policy."
The default policy is in effect when not connected. The default policy uses
the "all users@any" group. You decide what happens in the default policy as
well as the connected policy.

2. Can I manually install or copy the policy to the SecureClient?
Because before the first VPN connection the policy is not downloaded and
the client has no defense against attacks. I mean there is a time slot
from starting the PC till the remote user downloads the security policy
from the policy server.

Yes. There is an SK article on how to do this. You also can use a custom
install and modify PRODUCT.INI so the line that has
acceptall
is changed to
blockinbound
I don't remember exactly where it is but it's passed as a parameter to one
of the batch files listed in PRODUCT.INI.
When you go to the SecureClient download page, get the "Administrator" file.
It unzips so you can see and manipulate any of the files as needed. After I
modify PRODUCT.INI and userc.C, I use WinZip to zip it up and then use the
companion self-extractor creator to make it a single .EXE install file.
userc.C is modified to preset the gateway IP address, etc., so it's easier
to configure when installed.
Ray