Discussion:
checkpoint secure client VPN-1
(too old to reply)
Chris Moore
2004-04-15 01:26:38 UTC
Permalink
I have the following problem:

When PC's with the SecureClient are on the LAN the software reverts to the
Default policy and the firewall blocks all traffic coming to it i.e. I
cannot ping the clients nor push my Antivirus installations, access shares,
etc.

If I Disable the default policy i.e. no protection, everything works fine

If I log in from an external internet connection then I get the personalised
policy loaded and everything works fine as it should.

How can I get the clients to behave properly on the LAN so they are
accessible for management purposes. Why do they not default to the policy
server and use the personalised policy, why do they use the default and
block everything??

I have setup as far as I know correctly the FW and client software - have
followed the VPN client install guide from the Checkpoint site.

Any advice would be greatly appreciated!!!

Checkpoint Firewall 1 NG FP3
Checkpoint SecureClient various builds all with the same issue

Thanks

Chris
Chris
2004-04-15 08:05:42 UTC
Permalink
Post by Chris Moore
When PC's with the SecureClient are on the LAN the software reverts to the
Default policy and the firewall blocks all traffic coming to it i.e. I
cannot ping the clients nor push my Antivirus installations, access shares,
etc.
If I Disable the default policy i.e. no protection, everything works fine
If I log in from an external internet connection then I get the personalised
policy loaded and everything works fine as it should.
How can I get the clients to behave properly on the LAN so they are
accessible for management purposes. Why do they not default to the policy
server and use the personalised policy, why do they use the default and
block everything??
I have setup as far as I know correctly the FW and client software - have
followed the VPN client install guide from the Checkpoint site.
Any advice would be greatly appreciated!!!
Checkpoint Firewall 1 NG FP3
Checkpoint SecureClient various builds all with the same issue
Thanks
Chris
Are you saying that your clients are on a LAN behind the firewall and have
SecureClient active? Why would you use SecureClient on the LAN?

Chris.
"zenner" <zenner@pacbell.net>
2004-04-15 13:04:35 UTC
Permalink
Microsoft clients have GPO (group policy/system policy) to enforce
configurations within he Domain. The post did not mention what OS the client
are running; however, using SecureClient on the LAN can be useful in
enforcing similar strictures.

So, one obvious question...what OS is running on the client machines...why
not use group policies or system policies instead (if you are running NT or
W2K/W2K03)? By the way none of your clients are running Win 95, which is no
longer supported for SecureClient.
Post by Chris Moore
Post by Chris Moore
When PC's with the SecureClient are on the LAN the software reverts to the
Default policy and the firewall blocks all traffic coming to it i.e. I
cannot ping the clients nor push my Antivirus installations, access
shares,
Post by Chris Moore
etc.
If I Disable the default policy i.e. no protection, everything works fine
If I log in from an external internet connection then I get the
personalised
Post by Chris Moore
policy loaded and everything works fine as it should.
How can I get the clients to behave properly on the LAN so they are
accessible for management purposes. Why do they not default to the policy
server and use the personalised policy, why do they use the default and
block everything??
I have setup as far as I know correctly the FW and client software - have
followed the VPN client install guide from the Checkpoint site.
Any advice would be greatly appreciated!!!
Checkpoint Firewall 1 NG FP3
Checkpoint SecureClient various builds all with the same issue
Thanks
Chris
Are you saying that your clients are on a LAN behind the firewall and have
SecureClient active? Why would you use SecureClient on the LAN?
Chris.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.657 / Virus Database: 422 - Release Date: 4/13/2004
Chris Moore
2004-04-16 01:16:38 UTC
Permalink
All clients are Windows XP

SecureClient loads on bootup as per the default installation hence the
firewall kicking off with no policy when the users are on the LAN.

Hope this provides more useful info.

Thanks for the replies so far


Chris
Post by "zenner" <***@pacbell.net>
Microsoft clients have GPO (group policy/system policy) to enforce
configurations within he Domain. The post did not mention what OS the client
are running; however, using SecureClient on the LAN can be useful in
enforcing similar strictures.
So, one obvious question...what OS is running on the client machines...why
not use group policies or system policies instead (if you are running NT or
W2K/W2K03)? By the way none of your clients are running Win 95, which is no
longer supported for SecureClient.
Post by Chris Moore
Post by Chris Moore
When PC's with the SecureClient are on the LAN the software reverts to
the
Post by Chris Moore
Post by Chris Moore
Default policy and the firewall blocks all traffic coming to it i.e. I
cannot ping the clients nor push my Antivirus installations, access
shares,
Post by Chris Moore
etc.
If I Disable the default policy i.e. no protection, everything works
fine
Post by Chris Moore
Post by Chris Moore
If I log in from an external internet connection then I get the
personalised
Post by Chris Moore
policy loaded and everything works fine as it should.
How can I get the clients to behave properly on the LAN so they are
accessible for management purposes. Why do they not default to the
policy
Post by Chris Moore
Post by Chris Moore
server and use the personalised policy, why do they use the default and
block everything??
I have setup as far as I know correctly the FW and client software -
have
Post by Chris Moore
Post by Chris Moore
followed the VPN client install guide from the Checkpoint site.
Any advice would be greatly appreciated!!!
Checkpoint Firewall 1 NG FP3
Checkpoint SecureClient various builds all with the same issue
Thanks
Chris
Are you saying that your clients are on a LAN behind the firewall and have
SecureClient active? Why would you use SecureClient on the LAN?
Chris.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.657 / Virus Database: 422 - Release Date: 4/13/2004
Chris
2004-04-16 07:26:18 UTC
Permalink
Post by Chris Moore
All clients are Windows XP
SecureClient loads on bootup as per the default installation hence the
firewall kicking off with no policy when the users are on the LAN.
Hope this provides more useful info.
Thanks for the replies so far
The point is, do you want to run SecureClient on the LAN or is it just for
when the clients are out of the office? If so then you can just create a
hardware profile that has SecureClient active when out of the office and not
active when on the LAN.

Chris.
Chris Moore
2004-04-18 00:58:15 UTC
Permalink
Yeah, guess a hw profile controlling the services will do it, thought there
might be a more elegant method of keeping the client configured right for
both requirements.

Thanks


Chris
Post by Chris
Post by Chris Moore
All clients are Windows XP
SecureClient loads on bootup as per the default installation hence the
firewall kicking off with no policy when the users are on the LAN.
Hope this provides more useful info.
Thanks for the replies so far
The point is, do you want to run SecureClient on the LAN or is it just for
when the clients are out of the office? If so then you can just create a
hardware profile that has SecureClient active when out of the office and not
active when on the LAN.
Chris.
Continue reading on narkive:
Loading...