Posted by navi101 on 2007-05-03
Re: Integrity Agent : Disconnect Policy Not working

I have obtained more information in relation to my disconnect issue.

I made one change in the disconnect rule and tried to verify that it had associated to the client correctly.

When I accessed the Internet Logs directory, I looked at the AppCache_ _Offline_Internet Ver 2_1178177554336.xml file. Here I can see that the firewall rules are included in the config.

<firewall>
  <expert>
    <rules>
      <rule name="Copy of Test to" enable="true" ml:refDescription="" ml:refId="19">
        <execute action="drop" log="logdb" />
        <destination>
          <ipaddress address="192.168.0.1" operation="eq" ml:refId="21" ml:refName="TestNetworkADSL" ml:refDescription="" />
        </destination>
        <protocols />
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
      <rule name="SSL Access" enable="true" ml:refDescription="SSL Access" ml:refId="11">
        <execute action="accept" />
        <source>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
          <ipaddress address="**" operation="eq" ml:refId="9" ml:refName="SSL_Gateway" ml:refDescription="" />
          <ipaddress address="***" operation="eq" ml:refId="14" ml:refName="SSL Gateway Internal" ml:refDescription="" />
        </source>
        <destination>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
          <ipaddress address="****" operation="eq" ml:refId="9" ml:refName="SSL_Gateway" ml:refDescription="" />
          <ipaddress address="*****" operation="eq" ml:refId="14" ml:refName="SSL Gateway Internal" ml:refDescription="" />
        </destination>
        <protocols />
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
      <rule name="WebAccess" enable="true" ml:refDescription="" ml:refId="15">
        <execute action="accept" log="logdb" />
        <source>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
        </source>
        <destination>
          <hostname name="*" operation="eq" ml:refId="19" ml:refName="Assist" ml:refDescription="" />
          <hostname name="*" operation="eq" ml:refId="20" ml:refName="Assist" ml:refDescription="" />
          <iprange address="10.0.0.0" toaddress="10.255.255.255" operation="in" ml:refId="16" ml:refName="Private10Range" ml:refDescription="" />
          <iprange address="172.16.0.0" toaddress="172.31.255.255" operation="in" ml:refId="17" ml:refName="Private172Range" ml:refDescription="" />
          <iprange address="192.168.0.0" toaddress="192.168.255.255" operation="in" ml:refId="18" ml:refName="Private192Range" ml:refDescription="" />
        </destination>
        <protocols>
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="80" ml:refSrcPorts="" ml:refDstPorts="80,8000,8080" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="8000" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="8080" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP" srcport="any" dstport="443" ml:refSrcPorts="" ml:refDstPorts="443" ml:refId="21" description="SSL" />
        </protocols>
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
      <rule name="Test_Policy_Dep" enable="true" ml:refDescription="" ml:refId="10">
        <execute action="drop" log="logdb" />
        <source>
          <ipaddress address="*****" operation="eq" ml:refId="13" ml:refName="Matt" ml:refDescription="" />
        </source>
        <destination>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
        </destination>
        <protocols />
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
      <rule name="BlockHTTP&amp;HTTPS" enable="true" ml:refDescription="" ml:refId="14">
        <execute action="drop" />
        <source>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
        </source>
        <protocols>
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="80" ml:refSrcPorts="" ml:refDstPorts="80,8000,8080" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="8000" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="8080" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP" srcport="any" dstport="443" ml:refSrcPorts="" ml:refDstPorts="443" ml:refId="21" description="SSL" />
        </protocols>
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
    </rules>
  </expert>
</firewall>

This gave me the impression that the config had been downloaded to the client correctly.

But when I CTRL + ALT and left click the offline policy (policy.xml file) within the client, I noticed that the config was not the same as the one in the Internet Logs dir.

<firewall>
  <expert>
    <rules />
  </expert>
</firewall>
<fwrestricted>
  <rules />
</fwrestricted>

Actually the offline policy did not include any config for the firewall rules.

This config came from

Check Point Integrity Agent version:6.5.063.135
TrueVector version:6.5.063.135
Driver version:6.5.063.135
Anti-spyware engine version:4.1.7.0
Anti-spyware signature DAT file version:01.200512.210

But I have also tried out the same with the latest agent and obtained the same results.

Has anyone else come across this issue?

Many Thanks, Matt
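
The comparison described in the post (cached policy from the Internet Logs directory versus the client's offline policy.xml) can be scripted. The following is an added example, not part of the original post and not Check Point code; the `ML_NS` URI and the function names are assumptions, and the sample strings are constructed from the fragments quoted above.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: placeholder URI; the real ml: namespace is not shown in the post.
ML_NS = "urn:example:ml"

def load_fragment(text):
    """Parse a policy fragment pasted from a browser XML view."""
    # Drop the "- " collapse markers the browser view puts before open tags.
    text = re.sub(r"(?m)^\s*-\s*(?=<)", "", text)
    # Escape bare ampersands such as the one in name="BlockHTTP&HTTPS".
    text = re.sub(r"&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9a-fA-F]+);)", "&amp;", text)
    # One wrapper root binds the ml: prefix and allows several top-level elements.
    return ET.fromstring(f'<policy xmlns:ml="{ML_NS}">{text}</policy>')

def expert_rules(root):
    """Return {rule name: (action, enabled)} for firewall/expert/rules."""
    rules = {}
    for rule in root.findall("./firewall/expert/rules/rule"):
        execute = rule.find("execute")
        action = execute.get("action") if execute is not None else None
        rules[rule.get("name")] = (action, rule.get("enable") == "true")
    return rules

def missing_rules(assigned_text, effective_text):
    """Rules in the assigned policy that the effective policy lacks or changes."""
    assigned = expert_rules(load_fragment(assigned_text))
    effective = expert_rules(load_fragment(effective_text))
    return sorted(n for n, v in assigned.items() if effective.get(n) != v)

# Constructed sample input, shortened from the two fragments quoted in the post.
ASSIGNED = """
- <firewall>
- <expert>
- <rules>
- <rule name="Copy of Test to" enable="true" ml:refDescription="" ml:refId="19">
<execute action="drop" log="logdb" />
</rule>
- <rule name="BlockHTTP&HTTPS" enable="true" ml:refDescription="" ml:refId="14">
<execute action="drop" />
</rule>
</rules>
</expert>
</firewall>
"""
EFFECTIVE = ("- <firewall>\n- <expert>\n<rules />\n</expert>\n</firewall>\n"
             "- <fwrestricted>\n<rules />\n</fwrestricted>\n")
```

A non-empty result from `missing_rules(ASSIGNED, EFFECTIVE)` means the client's effective policy does not enforce rules the assigned policy contains, which is the condition the post reports.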