You are modifying the copy on the SmartCenter and pushing the policy afterwards, right? I'm sure you are, but I thought I'd ask. :-)

How often are your topology updates set for? I have mine set for one hour to assure changes like these are downloaded quickly. Check the copy on the laptop after you connect and make sure the changes you made are present.

As an alternative to allowing it to be disabled, you could set up an "all [EMAIL PROTECTED]" inbound and outbound rule with any-any-accept. That would give the same effect, but you could add rules remotely when needed and not have to worry about the firewall being disabled.

Ray


From: Torkel Mathisen <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: [FW-1] SV: [FW-1] SCV policy
Date: Wed, 22 Nov 2006 12:15:12 +0100

> Hi,
> there are many more parameters to configure, but not with
> SmartDashboard. As you write, you can modify userc.C, so e.g. users
> cannot stop SecureClient.
> Additionally, at the SmartCenter you have the file $FWDIR/conf/local.scv
> which deals with SCV. As an example: If the parameter
> "disconnect_when_not_verified" is set to "true", it will not only be
> checked if the client is compliant when starting the session. Maybe the
> SCV Editor
> (http://www.checkpoint.com/downloads/quicklinks/utilities/downloadsng/utilities/sc_scv_tools.html)
> helps modifying local.scv.
> Hope it helps,
> best regards,
> Matthias

I tried to modify local.scv also. I modified:

        :SCVGlobalParams (
                :disconnect_when_not_verified (true)
                :block_connections_on_unverified (true)
        )

Modified from false to true.

It looks right to me, but he still didn't get blocked.

Anything else?


Regards,
Torkel

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
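
The check suggested in the reply above (confirm that the client's copy of local.scv carries the values edited on the SmartCenter), as an added example that is not part of the original messages. The two file bodies are constructed strings in the `:name (value)` form quoted in the thread; the function names and the location of the client's copy are assumptions, and only the `SCVGlobalParams` block is parsed.

```python
import re

# Constructed sample: the SmartCenter copy after the edit described in the thread.
SERVER_COPY = """
        :SCVGlobalParams (
                :disconnect_when_not_verified (true)
                :block_connections_on_unverified (true)
        )
"""

# Constructed sample: a client copy that has not yet received the new policy.
CLIENT_COPY = """
        :SCVGlobalParams (
                :disconnect_when_not_verified (false)
                :block_connections_on_unverified (false)
        )
"""

# The two parameters changed in the thread.
WATCHED = ("disconnect_when_not_verified", "block_connections_on_unverified")


def global_params(text):
    """Return {name: value} for the leaf entries of the :SCVGlobalParams block."""
    m = re.search(r":SCVGlobalParams\s*\(", text)
    if not m:
        return {}
    depth, i = 1, m.end()
    while i < len(text) and depth:  # walk to the parenthesis closing the block
        depth += {"(": 1, ")": -1}.get(text[i], 0)
        i += 1
    if depth:
        raise ValueError("unbalanced parentheses in SCVGlobalParams")
    body = text[m.end():i - 1]
    return {k: v.strip() for k, v in re.findall(r":(\w+)\s*\(([^()]*)\)", body)}


def drift(server_text, client_text, watched=WATCHED):
    """List (param, server_value, client_value) where the two copies disagree."""
    s, c = global_params(server_text), global_params(client_text)
    return [(p, s.get(p), c.get(p)) for p in watched if s.get(p) != c.get(p)]


if __name__ == "__main__":
    for name, want, got in drift(SERVER_COPY, CLIENT_COPY):
        print(f"{name}: SmartCenter={want} client={got}")
```

An empty result from `drift` means the client already holds the edited values, so the cause of the missing block lies elsewhere than the policy download.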
