RE: [FW1] SecureClient Policy Server



You definitely want your firewall to be the Policy Server.  
Just to step thru what you did:
Created a New Server->Policy Server.  Its host is the primary firewall, and
you selected an appropriate user group.  (I know you can't do gateway
clusters in the object - don't know why - probably a limitation)  
Then you have a policy defined in Policy-> Properties -> Desktop Security.
Those checkboxes in the Desktop Configuration Verification Options section
need to be checked.

On the client, you installed SecureClient with Desktop Security (option
during install).  You create a new site, give the firewall's IP.  (Disable
or remove the mgmt station site)  Double check the options for desktop
security for the client.  
Don't forget a rule allowing that User Group to access some machines using
Client Encrypt.  Try a test policy of Allow Encrypted Only and test pinging
something in the rule.  Watch the logs for the traffic.

If that doesn't steer you in the right direction, there are some docs about
this on CHKP's website.


-----Original Message-----
From: Richard Marshall [mailto:[email protected]]
Sent: Wednesday, August 15, 2001 7:29 AM
To: [email protected]
Subject: [FW1] SecureClient Policy Server



Hi Gurus :)

I have (fairly) successfully implemented SecuRemote Access with Hybrid IKE.
Recently I noticed that we actually have a license for Secure Client too, so
naturally I would like to use this for its improved security. My problem is
getting FW-1 to recognise a policy server. Both the management station and
the primary firewall in the gateway cluster have a Secure Client license.
However, the client program doesn't recognise that there is a policy server
to log into.

From what I understand the policy server needs to be on a firewall module,
not the management module. However the SecuRemote site has to be the
management server because of the use of internal CA's. Does anyone know how I
can either get the management server to be recognised by the system as a
policy server (in the manage->servers section it will only let me select a
firewall as a policy server.) Or, for the primary cluster firewall to be
recognised?

I have looked in Objects.C and it is pointing to the primary firewall. It is
even listed in Userc.C on the client as the primary firewall, it just
doesn't seem to recognise that it's there.

TIA

Richard Marshall
Network Systems Analyst
NetDoktor





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
   All contents © 2004 Network Presence, LLC. All rights reserved.