Quote:
| Originally Posted by Sergej I waiting for CheckPoint support answer for now. |
Here is the reply from CheckPoint Tech-Support. I did not try this by myself.
- SecureClient cannot be running without firewall, however the customer can use "any any accept" policy;
- there is no direct procedure for default policy change, however there is workaround described bellow.
###########
Applying SecureClient R56 initial Policy without logging in to Policy Server
Solution:
In R56 SecureClient, you can apply an initial Desktop Policy at first boot after installation of preconfigured package, without logging in to Policy Server. This provides additional security for remote users immediately after a new installation.
Procedure:
1) Install SecureClient on a test machine and connect to Policy Server, to download correct Policy.
2) Save all "SecuRemote\Policy\local.*" files.
3) Save "SecuRemote\initialpolicy.bat."
4) Open installation "tar.gz" (zipped) file of R56 client.
5) Place both files copied from "\Policy" directory and "initialpolicy.bat" in the extracted files directory.
6) Edit "product.ini."
7) Add "initialpolicy.bat" to [install] section. This will run copied "initialpolicy.bat."
8) Package extracted files using Packaging Tool or other means.
NOTE: You can also leave the package unzipped, and simply run "setup.exe."
After installation, SecureClient will have an initial Policy without logging in to Policy Server.
NOTE: If you have user groups defined on the firewall, include the \policy\group_file.
###########