NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Secure Client & Policy Server Logon


  • To: [email protected]
  • Subject: Re: [FW-1] Secure Client & Policy Server Logon
  • From: "Roelandts, Guy" <[email protected]>
  • Date: Wed, 23 Jul 2003 09:52:40 +0200
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>
  • Thread-index: AcNN2/43a5tJ3UsATm6kOoAL/67p0QDEv94Q
  • Thread-topic: [FW-1] Secure Client & Policy Server Logon

Hi,

   To me there is a way to 'automatically' logon to the policy server
 by specifying it in the userc.C file like :

        :policy_servers (1.2.3.4)

   Where 1.2.3.4 is the IP address of your Policy Server, but this was
 obvious and you had understood this ;-))

Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA GS Internet Expertise Centre - CCSE-NG
Hewlett-Packard Belgium B.V.B.A./S.P.R.L.
E-mail : [email protected]
Tel: +32(02)729.85.61
Fax: +32(02)729.77.65
==========================================================
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally
addressed. The content of this message may contain private views and
opinions which do not constitute a formal disclosure or commitment
unless specifically stated. Should you receive this message by mistake
please inform the sender immediately.
==========================================================



-----Original Message-----
From: Can2002 [mailto:[email protected]]
Sent: 19 July 2003 11:43
To: [email protected]
Subject: [FW-1] Secure Client & Policy Server Logon


I've configured NG FP3_HF2 on a Nokia box for a client who have purchased
licenses for Secure Client.

We've configured a desktop security policy and all the normal groups and
am able to authenticate using the latest version of Secure Client without
problems and can then logon to the policy server.  The client wants to
use transparent mode rather than connect mode.

The problem I'm experiencing is logging onto the policy server
automatically when client PCs start up and have not yet authenticated to
the policy server.  The sequence of events we're encountering is shown
below:

  1. Laptop starts up, user connects to the Internet via modem.
  2. User fires up web browser and attempts to connect to server in ED.
  3. User is prompted for SC authentication & enters username/password.
  4. User receives notification they've been successfully authenticated.
  5. User receives a timeout message from their web browser.
  6. User right-clicks on the SC icon abd selects 'Logon to policy
  server'.
  7. User can now connect to resources in the ED.

Having searched NG/Maillist archives I've picked up a few ideas including
adding a default_ps entry to usersc.C; however this only makes things
worse as inbetween being prompted for authentication and a success
prompt, I receive an error saying 'SecureClient failed to communicate
with Policy Server ???? at site ???.???.???.???'.

We enabled the 'Policy is installed on all interfaces' SCV option in
global properties, which is obviously what stops the client connecting
before logging onto the Policy Server; however the client has specified
that they want this option enabled.

The client is unhappy with the need for authenticating and then manually
logging onto the policy server; has anyone found a way round this?

Cheers,
Chris

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.