I think the companion self-extractor / creator is called SecureClient
Packaging Tool and is downloadable from www.checkpoint.com. I have used it
to include updated userc.c files and it worked nicely for me. I never made
any changes to the default policy though, so I am not much help there.
Hth
Rob
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Ray
Sent: Tuesday, January 31, 2006 7:02 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SecureClient questions
>1. If Secureclient is offline should it block incoming connections that
>are not accepted by the policy? Or the policy should work only if the vpn
>connection is on???
There are two policies: the one while connected and the "default policy."
The default policy is in effect when not connected. The default policy uses
the "all users@any" group. You decide what happens in the default policy as
well as the connected policy.
>2. Can I manually install or copy the policy to the Secureclient?
>Because before the first vpn connection the policy is not downloaded and
>the client has no defense against attacks. I mean there is a timeslot
>from starting the pc till the remote user downloads the security policy
>from the policy server.
Yes. There is an SK article on how to do this. You also can use a custom
install and modify PRODUCT.INI so the line that has
acceptall
is changed to
blockinbound
I don't remember exactly where it is but it's passed as a parameter to one
of the batch files listed in PRODUCT.INI.
When you go to the SecureClient download page, get the "Administrator" file.
It unzips so you can see and manipulate any of the files as needed. After I
modify PRODUCT.INI and userc.C, I use WinZip to zip it up and then use the
companion self-extractor creator to make it a single .EXE install file.
userc.C is modified to preset the gateway IP address, etc., so it's easier
to configure when installed.
Ray
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================