Thanks, do you know of any docs/whitepapers that explain how to use the
SecureClient Packaging Tool? Also, is this function available for NG
FP3, or is it an AI feature?

-----Original Message-----
From: Ray Pesek [mailto:[EMAIL PROTECTED]]
Sent: 31 March 2004 17:47
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SecureClient - Blocking web browsing


1. Use the SecureClient Packaging Tool on the management station to create a
customized build of SecureClient. Select the options that do not allow them
to unload the policy or shut down SecureClient. Allow DHCP to work even if
the policy does not allow it.

2. Use SCV so they cannot connect to the internal network unless the policy
is loaded.

3. Implement an Outbound desktop rule like so:

Source: [EMAIL PROTECTED]
Destination: any
Service: any
Action: drop

This will cause one big issue. The "[EMAIL PROTECTED]" rules are the desktop
security policy that is in effect when they are NOT VPNed in. Some hotel
broadband systems, notably STSN, require that a browser outbound connection
come from the laptop. They then intercept the call and pop up their own page
that you have to click a button on to get Internet access.

No clicky, no Internet. No browser outbound, no STSN page, no Internet, no
VPN connection. Kind of a chicken-or-egg thing. If you have a forced browser
home page, you could create an outbound rule to allow HTTP to it, even if it
is unreachable from the Internet. This is enough to trip the STSN page.

Ray


>From: "Brett, Gary" <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1
><[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: [FW-1] SecureClient - Blocking web browsing
>Date: Wed, 31 Mar 2004 13:07:32 +0100
>
>Dear all
>
>I am implementing secure client for all remote users, but as my test bed has
>highlighted there are concerns over the users connecting to the internet and
>not using the VPN, i.e. for non work related reasons and installing all
>types of goodies from the net on their laptops. Does anybody know of a way I
>can set it up so that when connecting to the net, it always and only
>connects to the firewall hence not giving them the ability to browse the web
>at all? Unfortunately for me, my users are quite PC literate and as such
>this method would have to be put in place with no workaround (well, no
>obvious one at least). I am quite willing to look at reg hacks to lock the
>OS down, but I don't know if they'll solve my problem
>
>
>any help would be greatly appreciated
>
>regards
>Gary
>This electronic message contains information from Halifax Cetelem Credit Ltd
>which may be privileged or confidential. The information is intended to be
>for the use of the individual(s) or entity named above. If you are not the
>intended recipient be aware that any disclosure, copying, distribution or
>use of the contents of this information is prohibited. If you have received
>this electronic message in error, please notify us by telephone or email (to
>the numbers or address above) immediately.
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
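
Added example, not part of the original thread and not Check Point policy syntax: a small Python model of the outbound desktop rule from step 3, with and without the forced-home-page exception described for hotel broadband. It assumes rules are evaluated top-down with the first match winning; the group name, home-page address and test connections are constructed.

```python
# Toy first-match evaluator for outbound desktop rules (added example).
# Rule fields mirror the post: source, destination, service, action.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    source: str       # user group the rule applies to
    destination: str  # "any" or a CIDR
    service: str      # "any" or "proto/port", e.g. "tcp/80"
    action: str       # "accept" or "drop"

def matches(rule, group, dst_ip, service):
    if rule.source != group:
        return False
    if rule.destination != "any" and \
            ip_address(dst_ip) not in ip_network(rule.destination):
        return False
    return rule.service in ("any", service)

def decide(rules, group, dst_ip, service, default="drop"):
    """Action of the first matching rule (top-down order is an assumption)."""
    for rule in rules:
        if matches(rule, group, dst_ip, service):
            return rule.action
    return default

GROUP = "remote-users"      # hypothetical group name
HOME_PAGE = "10.1.2.3/32"   # hypothetical internal forced home page

# Step 3 as posted: drop everything outbound while not connected to the VPN.
DROP_ALL = [Rule(GROUP, "any", "any", "drop")]
# Same policy with the HTTP exception placed above the drop rule.
WITH_EXCEPTION = [Rule(GROUP, HOME_PAGE, "tcp/80", "accept")] + DROP_ALL

def report(rules):
    """Decisions for the connections the thread discusses."""
    return {
        # The packet only has to leave the laptop for the hotel gateway to
        # intercept it; the home page need not be reachable.
        "browser -> home page": decide(rules, GROUP, "10.1.2.3", "tcp/80"),
        "browser -> internet": decide(rules, GROUP, "203.0.113.10", "tcp/80"),
        # Dropped by the rule base; the packaged client's DHCP option in
        # step 1 is what keeps address assignment working.
        "dhcp": decide(rules, GROUP, "255.255.255.255", "udp/67"),
    }

if __name__ == "__main__":
    for name, rules in (("drop-all", DROP_ALL), ("with exception", WITH_EXCEPTION)):
        print(name, report(rules))
```

With only the drop rule the browser's first request never leaves the laptop, so the hotel page cannot appear; with the exception above it, that one request is released while general browsing stays blocked.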
