Thread: SV: SCV policy




SV: SCV policy
user name
2006-11-22 11:15:12
> Hi,
> there are many more parameters to configure, but not with
> SmartDashboard. As you write, you can modify userc.C, so e.g. users
> cannot stop SecureClient.
> Additionally, at the SmartCenter you have the file $FWDIR/conf/local.scv
> which deals with SCV. As an example: If the parameter
> "disconnect_when_not_verified" is set to "true", it will not only be
> checked if the client is compliant when starting the session. Maybe the
> SCV Editor
> (http://www.checkpoint.com/downloads/quicklinks/utilities/downloadsng/utilities/sc_scv_tools.html)
> helps modifying local.scv.
> Hope it helps,
> best regards,
> Matthias

I tried to modify local.scv also. I modified:

        :SCVGlobalParams (
                :disconnect_when_not_verified (true)
                :block_connections_on_unverified (true)
        )

Modified from false to true.

It looks right to me, but he still didn't get blocked.

Anything else?


Regards,
Torkel

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
SV: SCV policy
user name
2006-11-22 15:26:22
You are modifying the copy on the SmartCenter and pushing the policy
afterwards, right? I'm sure you are, but I thought I'd ask.

How often are your topology updates set for? I have mine set for one hour to
assure changes like these are downloaded quickly. Check the copy on the
laptop after you connect and make sure the changes you made are present.

As an alternative to allowing it to be disabled, you could set up an "all
usersany" inbound and outbound rule with any-any-accept. That would give
the same effect, but you could add rules remotely when needed and not have
to worry about the firewall being disabled.

Ray


>From: Torkel Mathisen <torkel.mathisenBBS.NO>
>Reply-To: Mailing list for discussion of Firewall-1 <FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM>
>To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
>Subject: [FW-1] SV: [FW-1] SCV policy
>Date: Wed, 22 Nov 2006 12:15:12 +0100
>
> > Hi,
> > there are many more parameters to configure, but not with
> > SmartDashboard. As you write, you can modify userc.C, so e.g. users
> > cannot stop SecureClient.
> > Additionally, at the SmartCenter you have the file $FWDIR/conf/local.scv
> > which deals with SCV. As an example: If the parameter
> > "disconnect_when_not_verified" is set to "true", it will not only be
> > checked if the client is compliant when starting the session. Maybe the
> > SCV Editor
> > (http://www.checkpoint.com/downloads/quicklinks/utilities/downloadsng/utilities/sc_scv_tools.html)
> > helps modifying local.scv.
> > Hope it helps,
> > best regards,
> > Matthias
>
>I tried to modify local.scv also. I modified:
>
>         :SCVGlobalParams (
>                 :disconnect_when_not_verified (true)
>                 :block_connections_on_unverified (true)
>         )
>
>Modified from false to true.
>
>It looks right to me, but he still didn't get blocked.
>
>Anything else?
>
>
>Regards,
>Torkel
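The check suggested in the reply above (confirm that the copy of local.scv on the laptop carries the changed values), as an added example that is not part of the original thread. It parses the `:name (value)` syntax shown in the posted fragment and reports which of the two SCVGlobalParams settings are not "true"; the sample inputs are constructed, and the `SCVObject` wrapper and the helper names are assumptions.

```python
import re

# Constructed inputs: SERVER_COPY is the fragment as posted in the thread;
# CLIENT_COPY is a made-up stale laptop copy (the SCVObject wrapper is assumed).
SERVER_COPY = """
        :SCVGlobalParams (
                :disconnect_when_not_verified (true)
                :block_connections_on_unverified (true)
        )
"""
CLIENT_COPY = """
(SCVObject
        :SCVGlobalParams (
                :disconnect_when_not_verified (false)
                :block_connections_on_unverified (true)
        )
)
"""
REQUIRED = ("disconnect_when_not_verified", "block_connections_on_unverified")
TOKEN = re.compile(r'\(|\)|:[\w.-]*|"[^"]*"|[^\s():"]+')

def parse_set(text):
    """Parse ':name (value-or-children)' syntax into nested dicts."""
    tokens = TOKEN.findall(text)
    pos = 1 if tokens and tokens[0] == "(" else 0
    if pos == 0:
        tokens.append(")")            # bare fragment: close an implicit block
    def block():
        nonlocal pos
        leaf, children = [], {}
        while pos < len(tokens):
            tok = tokens[pos]; pos += 1
            if tok == ")":
                return children or " ".join(leaf).strip('"')
            if tok.startswith(":") and pos < len(tokens) and tokens[pos] == "(":
                pos += 1
                children[tok[1:]] = block()   # duplicate names: last one wins
            elif tok == "(" or tok.startswith(":"):
                raise ValueError(f"unexpected token {tok!r}")
            else:
                leaf.append(tok)      # block type name or scalar value
        raise ValueError("unbalanced parentheses")
    tree = block()
    if pos != len(tokens):
        raise ValueError("text after closing parenthesis")
    return tree

def find_section(tree, name):
    """Depth-first search for a named block anywhere in the parsed tree."""
    if isinstance(tree, dict):
        if name in tree:
            return tree[name]
        for value in tree.values():
            found = find_section(value, name)
            if found is not None:
                return found
    return None

def unenforced_params(text):
    """Return the REQUIRED settings that are absent or not set to 'true'."""
    params = find_section(parse_set(text), "SCVGlobalParams")
    if not isinstance(params, dict):
        return list(REQUIRED)         # section missing or empty
    return [key for key in REQUIRED if params.get(key) != "true"]
```

Running `unenforced_params` on both the SmartCenter copy and the copy read from the client after it connects shows whether the edit was actually downloaded.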