From: Torkel Mathisen <torkel.mathisen AT BBS DOT NO>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] SV: [FW-1] SV: [FW-1] SCV policy
Date: Thu, 23 Nov 2006 09:43:17 +0100
Why would you be sure of that? ;)
I modified the local.scv file the Policy Server and not on the SmartCenter.
It looked more logical to modify it directly on the Policy Server because
that file was much bigger with much more parameters already included than
the one on the SmartCenter.
But you say that it's the local.scv on the SmartCenter that should be
edited and then it will push to the Policy Server when I push policy or
something?
-Torkel
-----Opprinnelig melding-----
Fra: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] På vegne av Ray
Sendt: 22. november 2006 16:26
Til: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Emne: Re: [FW-1] SV: [FW-1] SCV policy
You are modifying the copy on the SmartCenter and pushing the policy
afterwards, right? I'm sure you are, but i thought I'd ask. :-)
How often are your topology updates set for? I have mine set for one hour
to
assure changes like these are downloaded quickly. Check the copy on the
laptop after you connect and make sure the changes you made are present.
As an alternative to allowing it to be disabled, you could set up a "all
users@any" inbound and outbound rule with any-any-accept. That would give
the same effect, but you could add rules remotely when needed and not have
to worry about the firewall being disabled.
Ray
>From: Torkel Mathisen <torkel.mathisen AT BBS DOT NO>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: [FW-1] SV: [FW-1] SCV policy
>Date: Wed, 22 Nov 2006 12:15:12 +0100
>
> > Hi,
> > there are much more parameters to configure, but not with
> > SmartDashboard. As you write, you can modify userc.C, so e.g. users
> > cannot stop SecureClient.
> > Additionally, at the SmartCenter you have the file
>$FWDIR/conf/local.scv
> > which deals with SCV. As an example: If the parameter
> > "disconnect_when_not_verified" is set to "true", it will not only be
> > checked if the client is compliant when starting the session. Maybe
>the
> > SCV Editor
> >
>(http://www.checkpoint.com/downloads/quicklinks/utilities/downloadsng/ut
>il
> > ities/sc_scv_tools.html)
> > helps modifying local.scv.
> > Hope it helps,
> > best regards,
> > Matthias
>
>I tried to modify local.scv also. I modified:
>
> :SCVGlobalParams (
> :disconnect_when_not_verified (true)
> :block_connections_on_unverified (true)
> )
>
>Modifised from false to true.
>
>It looks right to me, but he still didn't get blocked.
>
>Anything else?
>
>
>Regards,
>Torkel
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
_________________________________________________________________
Get free, personalized commercial-free online radio with MSN Radio powered
by Pandora http://radio.msn.com/?icid=T002MSN03A07001
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
