Enable Secure Configuration Verification with a few rudimentary checks and "block on unverified." Unless you specifically allow it, SecuRemote cannot pass an SCV check.
Ray
From: rdornhart <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[email protected]> To: [email protected] Subject: [FW-1] Check Point Remote Access Clents Date: Thu, 14 Apr 2005 19:36:05 +1000
After much work and bitter disappointment I have found what most of you already knew, one can not stop SecuRemote from split-tunneling. I understand that SecureClient through the use of Hub Mode and the desktop security allows one to control split tunneling. My question is if we are using SecureClient as the remote access client what stops a user with remote access privileges from loading SecuRemote and making a remote access connection.
Can you stop users from connecting with SecuRemote and only allow SecurClient connections?
On another note I have found that the Cisco VPN 3005 with the free Cisco client is a good solution. For $2500 I can have 200 connections and no split-tunneling, I wish I have this option with SecuRemote.
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
