RE: [FW1] SecureClient Policy Server
You definitely want your firewall to be the Policy Server. Just to step thru what you did:

Created a New Server->Policy Server. Its host is the primary firewall, and you selected an appropriate user group. (I know you can't do gateway clusters in the object - don't know why - probably a limitation)

Then you have a policy defined in Policy-> Properties -> Desktop Security. Those checkboxes in the Desktop Configuration Verification Options section need to be checked.

On the client, you installed SecureClient with Desktop Security (option during install). You create a new site, give the firewall's IP. (Disable or remove the mgmt station site) Double check the options for desktop security for the client.

Don't forget a rule allowing that User Group to access some machines using Client Encrypt. Try a test policy of Allow Encrypted Only and test pinging something in the rule. Watch the logs for the traffic.

If that doesn't steer you in the right direction, there are some docs about this on CHKP's website.

-----Original Message-----
From: Richard Marshall [mailto:[email protected]]
Sent: Wednesday, August 15, 2001 7:29 AM
To: [email protected]
Subject: [FW1] SecureClient Policy Server

Hi Gurus :)

I have (fairly) successfully implemented SecuRemote Access with Hybrid IKE. Recently I noticed that we actually have a license for Secure Client too, so naturally I would like to use this for its improved security.

My problem is getting FW-1 to recognise a policy server. Both the management station and the primary firewall in the gateway cluster have a Secure Client license. However, the client program doesn't recognise that there is a policy server to log into.

From what I understand the policy server needs to be on a firewall module, not the management module. However the SecuRemote site has to be the management server because of the use of internal CA's.
Does anyone know how I can either: get the management server to be recognised by the system as a policy server (in the manage->servers section it will only let me select a firewall as a policy server.) Or, for the primary cluster firewall to be recognised?

I have looked in Objects.C and it is pointing to the primary firewall. It is even listed in Userc.C on the client as the primary firewall, it just doesn't seem to recognise that it's there.

TIA

Richard Marshall
Network Systems Analyst
NetDoktor

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================