Thread: CheckPoint's Integrity product
View Single Post
  #17 (permalink)  
Old 2006-08-23
dingo8mybaby dingo8mybaby is offline
Junior Member
  
Join Date: 2006-08-23
Location: Europe
Posts: 18
Rep Power: 0
dingo8mybaby has an average reputation (10+)
Send a message via ICQ to dingo8mybaby
Default Re: CheckPoint's Integrity product
Specific issues I have encountered:

Integrity v6.5.063.056 agent/flex client will not let our Windows Mobile 5.0 devices talk to the locally attached laptop – connection is via a usb cable. It works fine with our Pocket PC 2001 & 2003 PDA’s, but it refuses to let the traffic to and from the IPAq, claiming its trying to route to an internet server from our trusted zone?

Import of reference source works, but there are no programs displayed in the reference display box

Import via Programs / Reference Sources / Import: some of the Imports work ok and all the files are imported, for the new ones I am trying to add the import runs, but when I check the list of reference programs it’s not listed.

On the new v6.5 servers I had the same issue when trying to import via global policy settings / reference sources / import. Some of the files imported, but not all of them.

With this I then imported the reference file via global policy settings / reference sources / programs / manually added and when I went back and re-imported the reference scan via global policy settings / reference sources / import, it worked. This option is not available on the 4.5 servers which is a major issue for me

.Unable to successfully generate a certificate request from the 6.5 servers, tried to put in ‘xxxxxxxxx.xx.xxx-xxxx.xxxxxxxx’ however it will not let me put in a FQDN that is that long, all I can put in is ‘xxxxxxxxx.xx.xxx-xxxx.xxx’

Integrity SQL DataBase can’t be installed on named instance data bases, it can only be installed on the Default instance. With our large, clustered DB environment this does not fit well with our deployment mode.

DB performance seems to be poor to indifferent. Current DB server is an 8-way IBM 440 with 12gb of Ram and 500gb SAN storage – but performance still seems to be indifferent.

Currently of 250 deployed test clients I have 120 that are generating over 500,000 client errors a day – ‘Attempted policy download failed’ All are compliant and on the corporate LAN and connected to the Integrity cluster but I can’t figure out the issue.

I have a problem with CA apps – in that each time they start they send a broadcast packed to a couple of Internet addresses. This means that my client event log for applications is absolutely massive and I can’t find any way to filter the broadcasts out to easily look at genuine application events and monitor what’s going on.

Current setup is multiple ibm blade servers in clusters linked via Cisco content switches. Servers are all W2K3 SP1. The DB is on a fairly powerful cluster, but I cant say I am impressed by its performance. All the servers connect via GB networking and all clients connect via 100mb full duplex connections. VPN connection is managed via two integrated Cisco 3000 VPN boxes and a couple of 20mb pipes. Flex and Integrity Agents are deployed, with a mixture of Enterprise, Disconnected and Personal policy files.
Last edited by dingo8mybaby; 2006-08-23 at 04:53.
Reply With Quote