Hi, Thats exactly what I want. I want them to be able to disable policy but their connection should be blocked when they do it when they are connected.
But I can't really get it to work. I waited much longer than 15 seconds. Do I have to manually edit the local.scv file on the Policy Server also? And I also totally agree with you about the second point. I really want to disable this "feature", but unfortunately my boss tell me that we need to have it. Regards, Torkel -----Opprinnelig melding----- Fra: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] På vegne av Ray Sendt: 22. november 2006 01:25 Til: [email protected] Emne: Re: [FW-1] SCV policy How long are you waiting? I think SCV checks occur every fifteen seconds. You won't be able to keep them from disabling the policy, but their connections should eventually block. Why do you want them to be able to disable the policy? We don't allow it and we've rarely had a complaint in 3+ years, and none of them were for business-related reasons. Ray >From: Torkel Mathisen <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[email protected]> >To: [email protected] >Subject: [FW-1] SCV policy >Date: Tue, 21 Nov 2006 15:45:21 +0100 > >Hi, > >I want to start using SCV on our home-office users to make sure that >they won't be able to disable policy when they are connected to our VPN. > >I still want them to be able to disable policy when they are not >connected, so disabling this in the SecureClient package is not a >solution. > >I understand this should be possible with SCV though. > >I have already enabled SCV in Global Properties, but I can still disable >the policy on my SecureClient when I'm connected to our VPN. > >My configuration in Global Properties are: > >Apply SCV on Simplified mode Security Policies are checked > >Upon verification failure: >Block client's connection > >Basic configuration verification on client's machine: >Policy is installed on all interfaces > >Configuration Violation Notification on client's machine: >Generate log >Notify the user > > >What more do I need to do to accomplish this? > > >Regards, >Torkel > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= _________________________________________________________________ MSN Shopping has everything on your holiday list. Get expert picks by style, age, and price. Try it! http://shopping.msn.com/content/shp/?ctId=8000,ptnrid=176,ptnrdata=200601&tcode=wlmtagline ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
