Not sure the reasoning for removing the Desktop Policy other than the following:
When saving the policy, you are only saving the current policy you are working with (e.g. the Rule Base and NAT, or the Desktop Policy). This is ONLY the policy, not any objects. By saving rule bases this way, you will eventually cause the policy installs to slow down. This is because every time you install policies, the install process will check (verify) every policy before pushing it (this is new in NG). One way to get around this problem is to use the "Database Revision Control" option instead. This will not only save the rule base, but also the object and any other rule base open at the time. You can then use this feature to role back to a known good rule base in the event you push a policy that breaks things. This also solves the extended time for the policy push. The other neat feature when using the "Database Revision Control" is you can actually see the database as it was for a log entry by right-clicking on a log entry and choose "View Rule in Smart Dashboard" (FP3 and AI only as far as I know - assumes there is a database revision for the time during which the log entry was made). Hope this helps, Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, December 15, 2003 9:10 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] Policy server problem I'm not sure if this will fix your policy server being down or not, but I have some information regarding the Desktop Security tab. For some reason known only to Checkpoint, they have added an "enhancement" (at least in FP3, not sure about AI) where everytime you save a policy that contains a Desktop Security policy, the Desktop Security tab disappears. They claim to have done this on purpose, but I don't understand why. They have a simple 19 step workaround for this enhancement. If you have a user account you can go to the non-public Secure Knowledge database and do a search on "Desktop Security tab is not available". This should bring up sk19441. I have no idea why this isn't available on the public database. I hope this helps. If you have a problem getting the workaround let me know and I'll spell it out for you. Harley "Serwatko Paweł" <[EMAIL PROTECTED]> Sent by: "Mailing list for discussion of Firewall-1" <[EMAIL PROTECTED]> 12/15/2003 08:19 AM Please respond to "Mailing list for discussion of Firewall-1" <[EMAIL PROTECTED]> To [EMAIL PROTECTED] cc Subject [FW-1] Policy server problem Hello I'm trying to configure Secure Client with desktop policy and I have a problem. I installed proper licence on FW server, then checked "Secure Client Policy Server" in General Properties of firewall object. Then I created and selected proper user group for policy server in Authentication tab. Finally I installed this policy on firewall server. I don't know why but status of my Policy server is still down. I don't have any idea what to do to make it in up status. Maybe there are other options to configure. I have some manuals about Secure Client and there is something called "Desktop security tab". I don't have any tab like this in Smartdashboard. Maybe this tab appears when Policy Server is in up status. Can anyone help me with it? I have FW NG FP3 HF305 on Windows 2000 server. Thanks a lot Pawel [EMAIL PROTECTED] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
