CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have 52 attendees signed up from 14 countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Internal Security > Endpoint Security (Formerly Integrity)
Reload this Page Program Control
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-08-01
deano deano is offline
Junior Member
  
Join Date: 2006-08-01
Posts: 4
Rep Power: 0
deano has an average reputation (10+)
Default Program Control
Has anyone used program control within Integrity 6.5?

I'm trying to use it but it seems to be ignoring any rules i setup,

Anything unusual i should know?

Cheers

Dean
Reply With Quote
  #2 (permalink)  
Old 2006-08-02
RobertGraham RobertGraham is offline
Senior Member
  
Join Date: 2006-02-02
Posts: 204
Rep Power: 3
RobertGraham has an average reputation (10+)
Send a message via MSN to RobertGraham Send a message via Yahoo to RobertGraham
Default Re: Program Control
Could you post the rule? We played with it and it seemed to work fine.

Make sure that the systems you are dealing with are in the Trusted Zone. If you only block to the Internet Zone and have nothing in your Trusted Zone, it will only block.

Also, you want to watch out that you don't allow a client program like telnet to have server access since this doesn't make sense. You then have no way to test this.

Also, it sounds like things are allowed that you expect to be blocked - not that things are blocked you expect to be allowed. Please confirm this.

Once you get this up, I'll take a look and try to help.
Reply With Quote
  #3 (permalink)  
Old 2006-08-04
deano deano is offline
Junior Member
  
Join Date: 2006-08-01
Posts: 4
Rep Power: 0
deano has an average reputation (10+)
Default Re: Program Control
Things are being blocked that i expect to be allowed,

For example, first rule on my program control is Internet Explorer, its firewall rule is Client Any Any yet internet explotrer does not let me browse...

Attached a screen shot...

Thanks for your help

Deano
Attached Images
File Type: jpg programcontrol.jpg (83.6 KB, 122 views)
Reply With Quote
  #4 (permalink)  
Old 2006-08-04
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: Program Control
Are you sure that its your version of IE? What client do you use? If flex - check log on client - may be your personal policy disables IE. What do you see in Integrity server's log?
Reply With Quote
  #5 (permalink)  
Old 2006-08-04
deano deano is offline
Junior Member
  
Join Date: 2006-08-01
Posts: 4
Rep Power: 0
deano has an average reputation (10+)
Default Re: Program Control
Yep thats def the correct version of IE, integrity actually detected that version of IE on the client. Personal policy doesnt disable IE either. Using the Zone Labs Integrity Agent as the client.
Reply With Quote
  #6 (permalink)  
Old 2006-08-04
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: Program Control
What do you see in server's log? May be you define incorrect Entity. Do you have Global program's perpmissions?
Reply With Quote
  #7 (permalink)  
Old 2006-08-10
deano deano is offline
Junior Member
  
Join Date: 2006-08-01
Posts: 4
Rep Power: 0
deano has an average reputation (10+)
Default Re: Program Control
I havnt setup any Global Program Permissions, shouldnt need to should i?
Reply With Quote
  #8 (permalink)  
Old 2006-08-14
RobertGraham RobertGraham is offline
Senior Member
  
Join Date: 2006-02-02
Posts: 204
Rep Power: 3
RobertGraham has an average reputation (10+)
Send a message via MSN to RobertGraham Send a message via Yahoo to RobertGraham
Default Re: Program Control
No, you shouldn't need to set it up globally. You might try doing this just in case it's a bug specific to your environment.

Also, HFA03 came out on Friday. You might try downloading that from the CHKP website just to get the client software. Try installing that and seeing if it helps.


Also, this sounds dumb but did you make sure to deploy the policy and restart the client?
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 15:37.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0