Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Secure Client & Policy Server Logon

To: [email protected]
Subject: [FW-1] Secure Client & Policy Server Logon
From: Can2002 <[email protected]>
Date: Sat, 19 Jul 2003 10:42:41 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I've configured NG FP3_HF2 on a Nokia box for a client who have purchased
licenses for Secure Client.

We've configured a desktop security policy and all the normal groups and
am able to authenticate using the latest version of Secure Client without
problems and can then logon to the policy server.  The client wants to
use transparent mode rather than connect mode.

The problem I'm experiencing is logging onto the policy server
automatically when client PCs start up and have not yet authenticated to
the policy server.  The sequence of events we're encountering is shown
below:

  1. Laptop starts up, user connects to the Internet via modem.
  2. User fires up web browser and attempts to connect to server in ED.
  3. User is prompted for SC authentication & enters username/password.
  4. User receives notification they've been successfully authenticated.
  5. User receives a timeout message from their web browser.
  6. User right-clicks on the SC icon abd selects 'Logon to policy
  server'.
  7. User can now connect to resources in the ED.

Having searched NG/Maillist archives I've picked up a few ideas including
adding a default_ps entry to usersc.C; however this only makes things
worse as inbetween being prompted for authentication and a success
prompt, I receive an error saying 'SecureClient failed to communicate
with Policy Server ???? at site ???.???.???.???'.

We enabled the 'Policy is installed on all interfaces' SCV option in
global properties, which is obviously what stops the client connecting
before logging onto the Policy Server; however the client has specified
that they want this option enabled.

The client is unhappy with the need for authenticating and then manually
logging onto the policy server; has anyone found a way round this?

Cheers,
Chris

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] Secure Client & Policy Server Logon
  - From: Hannu Liljemark <[email protected]>

Prev by Date: [FW-1] Nokia vs Intel Server
Next by Date: [FW-1] transparent Firewall
Previous by thread: Re: [FW-1] Nokia vs Intel Server
Next by thread: Re: [FW-1] Secure Client & Policy Server Logon
Index(es):
- Date
- Thread