Thread: SCV issue with Integrity
View Single Post
  #1 (permalink)  
Old 2005-11-22
jameshill jameshill is offline
Junior Member
  
Join Date: 2005-08-21
Posts: 2
Rep Power: 0
jameshill has an average reputation (10+)
Default SCV issue with Integrity
Not sure if anyone has experienced this issue, but I thought that I would ask. I have configured a firewall for SecureClient and I have setup my local.scv file to check for the Integrity client. I have also modified my Global Properties to not allow connectivity to the VPN if the SCV check fails. In order that the
SecureClient can communicate with the Integrity Server, there
has to be a rule on the FW that allows unverified communication between
the Client and the Server in order to recieve policy etc.
I created 3 new services for unverified http, https and Zoneprotocol as
described in the guide.
The new services look like this:

- Service of type other
- protocol 6
- match dport=80, r_scvres=SCV_DONT_VERIFY

The same was done for https - dport=443
and the service for zoneprotocol has protocol 17 and dport=6054.

When I try to install the policy, however, I get the following errors:

"/opt/CPfw1-R55p/conf/Standard_11_18_2005_1.pf", line 3136: ERROR: cannot find <http_wo_scv> anywhere

"/opt/CPfw1-R55p/conf/Standard_11_18_2005_1.pf", line 2623: ERROR: syntax error


Has anyone seen this before?
Reply With Quote