Torkel Mathisen wrote: > Hi, > > I want to start using SCV on our home-office users to make sure that > they won't be able to disable policy when they are connected to our VPN. > > I still want them to be able to disable policy when they are not > connected, so disabling this in the SecureClient package is not a > solution. > > I understand this should be possible with SCV though. > > I have already enabled SCV in Global Properties, but I can still disable > the policy on my SecureClient when I'm connected to our VPN. > > My configuration in Global Properties are: > > Apply SCV on Simplified mode Security Policies are checked > > Upon verification failure: > Block client's connection > > Basic configuration verification on client's machine: > Policy is installed on all interfaces > > Configuration Violation Notification on client's machine: > Generate log > Notify the user > > > What more do I need to do to accomplish this? > > > Regards, > Torkel > Hi, there are much more parameters to configure, but not with SmartDashboard. As you write, you can modify userc.C, so e.g. users cannot stop SecureClient. Additionally, at the SmartCenter you have the file $FWDIR/conf/local.scv which deals with SCV. As an example: If the parameter "disconnect_when_not_verified" is set to "true", it will not only be checked if the client is compliant when starting the session. Maybe the SCV Editor (http://www.checkpoint.com/downloads/quicklinks/utilities/downloadsng/utilities/sc_scv_tools.html) helps modifying local.scv. Hope it helps, best regards, Matthias -- AERAsec Network Services and Security GmbH Wagenberger Strasse 1 D-85662 Hohenbrunn, Germany http://www.aerasec.de http://www.fw-1.eu
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
