Zubair Jalal wrote:
> Hi all
>
> I am integrating my FW R55 with Checkpoint Integrity. I want to restirct
> SecureClient's who do not have checkpoint integrity installed on their
> laptops. I suppose this can be done by modifying the local.scv file. I have
> tried that and it also detects that integrity is not installed but the client
> connections are not blocked. Wondering if anyone has had the same setup.
>
> regards
> Zubair
>
Hi,
first of all, you have defined the ZoneLabs tests to local.scv on the
SmartCenter, right?
You will have to activate them by e.g.
:SCVPolicy (
: (ZoneLabs)
)
I used ZoneLabs as the name in :SCVNames - maybe it's easier to handle
the whole thing with local.scv by using the SCVEditor
(http://www.checkpoint.com/downloads/quicklinks/utilities/downloadsng/utilities.html#scveditor)
The next step is to force the users to be SCV compliant. If you look at
the section :SCVGlobalParams you will find the parameters
:disconnect_when_not_verified (false) and
:block_connections_on_unverified (false). If you set these parameters to
true, install Desktop Security and connect with SecureClient to the
Policy Server, it should work as planned.
Please be aware, that 'non verified' connections to the Integrity Server
might be necessary.
Hope it helps,
best regards,
Matthias
http://www.fw-1.eu/
--
AERAsec Network Services and Security GmbH
Wagenberger Strasse 1
D-85662 Hohenbrunn, Germany
http://www.aerasec.de
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
