Hi,
Thats exactly what I want. I want them to be able to disable
policy but their connection should be blocked when they do
it when they are connected.
But I can't really get it to work. I waited much longer than
15 seconds.
Do I have to manually edit the local.scv file on the Policy
Server also?
And I also totally agree with you about the second point. I
really want to disable this "feature", but
unfortunately my boss tell me that we need to have it.
Regards,
Torkel
-----Opprinnelig melding-----
Fra: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AMADEUS.US.CHECKPOINT.COM]
På vegne av Ray
Sendt: 22. november 2006 01:25
Til: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
Emne: Re: [FW-1] SCV policy
How long are you waiting? I think SCV checks occur every
fifteen seconds.
You won't be able to keep them from disabling the policy,
but their
connections should eventually block.
Why do you want them to be able to disable the policy? We
don't allow it and
we've rarely had a complaint in 3+ years, and none of them
were for
business-related reasons.
Ray
>From: Torkel Mathisen <torkel.mathisenBBS.NO>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM>
>To: FW-1-MAILINGLISTAMADEUS.US.CHECKPOINT.COM
>Subject: [FW-1] SCV policy
>Date: Tue, 21 Nov 2006 15:45:21 +0100
>
>Hi,
>
>I want to start using SCV on our home-office users to
make sure that
>they won't be able to disable policy when they are
connected to our VPN.
>
>I still want them to be able to disable policy when they
are not
>connected, so disabling this in the SecureClient package
is not a
>solution.
>
>I understand this should be possible with SCV though.
>
>I have already enabled SCV in Global Properties, but I
can still disable
>the policy on my SecureClient when I'm connected to our
VPN.
>
>My configuration in Global Properties are:
>
>Apply SCV on Simplified mode Security Policies are
checked
>
>Upon verification failure:
>Block client's connection
>
>Basic configuration verification on client's machine:
>Policy is installed on all interfaces
>
>Configuration Violation Notification on client's
machine:
>Generate log
>Notify the user
>
>
>What more do I need to do to accomplish this?
>
>
>Regards,
>Torkel
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERVamadeus.us.checkpoint.com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http:
//www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-ownerts.checkpoint.com
>=================================================
____________________________________________________________
_____
MSN Shopping has everything on your holiday list. Get expert
picks by style,
age, and price. Try it!
http:/
/shopping.msn.com/content/shp/?ctId=8000,ptnrid=176,ptnr
data=200601&tcode=wlmtagline
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http:
//www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
|