When I installed the management station, I simply selected it to be installed, as I recall. This was FP3 to start with.
You go over to the Check Point public free downloads and get the administrator version of the operating system you want. This is just the install program but with the individual files available. Save it into a folder on the management station. You have to have all GUI clients closed to run the tool.
You select the "administrator" version folder as the source and pick your options. The tool creates a single executable in a new destination folder that you also select.
It's pretty nice as it lets you embed some limited topology information in the installation executable, which makes the initial setup much easier since it already knows the firewall IP and policy server IP. I have mine set to default to Connect mode, know the firewall and policy server IPs, do not allow the end user to unload the desktop policy or to stop SecureClient and basically a three-click install. Run it, OK the license and OK the reboot. No muss, no fuss. I also have IKE over TCP and UDP Encapsulation preselected and locked down.
We have the installation path hard-coded as well because we use iPass and it needs to know the path to ConnSHApp.exe.
Ray
--- "Brett, Gary" <[EMAIL PROTECTED]> wrote:
> Thanks, do you know of any docs/whitepapers that explain how to use the
> SecureClient Packaging tool ?? and also, is this function available for NG
> FP3 ??? or is it an AI feature?
>
> -----Original Message-----
> From: Ray Pesek [mailto:[EMAIL PROTECTED]
> Sent: 31 March 2004 17:47
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] SecureClient - Blocking web browsing
>
>
> 1. Use the SecureClient Packaging Tool on the management station to create a
> customized build of SecureClient. Select the options that do not allow them
> to unload the policy or shut down SecureClient. Allow DHCP to work even if
> the policy does not allow it.
>
> 2. Use SCV so they cannot connect to the internal network unless the policy
> is loaded.
>
> 3. Implement an Outbound desktop rule like so:
>
> Source: [EMAIL PROTECTED]
> Destination: any
> Service: any
> Action: drop
>
> This will cause one big issue. The "[EMAIL PROTECTED]" rules are the desktop
> security policy that is in effect when they are NOT VPNed in. Some hotel
> broadband systems, notably STSN, require that a browser outbound connection
> come from the laptop. They then intercept the call and pop up their own page
> that you have to click a button on to get Internet access.
>
> No clicky, no Internet. No browser outbound, no STSN page, no Internet, no
> VPN connection. Kind of a chicken-or-egg thing. If you have a forced browser
> home page, you could create an outbound rule to allow HTTP to it, even if it
> is unreachable from the Internet. This is enough to trip the STSN page.
>
> Ray
>
>
> >From: "Brett, Gary" <[EMAIL PROTECTED]>
> >Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: [FW-1] SecureClient - Blocking web browsing
> >Date: Wed, 31 Mar 2004 13:07:32 +0100
> >
> >Dear all
> >
> >I am implementing secure client for all remote users, but as my test bed has
> >highlighted there are concerns over the users connecting to the internet and
> >not using the VPN, i.e. for non work related reasons and installing all
> >types of goodies from the net on their laptops. Does anybody know of a way I
> >can set it up so that when connecting to the net, it always and only
> >connects to the firewall hence not giving them the ability to browse the web
> >at all? Unfortunately for me, my users are quite PC literate and as such
> >this method would have to be put in place with no workaround (well, no
> >obvious one at least). I am quite willing to look at reg hacks to lock the
> >OS down, but I don't know if they'll solve my problem
> >
> >
> >any help would be greatly appreciated
> >
> >regards
> >Gary
> >This electronic message contains information from Halifax Cetelem Credit Ltd
> >which may be privileged or confidential. The information is intended to be
> >for the use of the individual(s) or entity named above. If you are not the
> >intended recipient be aware that any disclosure, copying, distribution or
> >use of the contents of this information is prohibited. If you have received
> >this electronic message in error, please notify us by telephone or email (to
> >the numbers or address above) immediately.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
