CPUG: The Check Point User Group
A Resource For The Check Point Community. Fast. Useful. Independent.
I am having an issue with the Disconnect policy within Check Point Integrity. We are using Zone Rules and Firewall Settings to control access to services. I noticed that the disconnect policy does not appear to be doing anything while not connected to the Integrity server. If you select Policy on the Integrity Agent, the Disconnect policy is active, and it appears that the file is downloaded correctly, as I have checked the Internet Log dir. The Integrity Agent I am using is 6.5.063.135. The last test I carried out was to block all traffic except DNS and DHCP, but I can still access websites and ping my default gateway. Has anyone ever seen this problem? I am lost. I have also tried upgrading to the latest version of Integrity Agent, but this does not make any difference. The server version I am using is 6.50.613.000. Thanks for any help offered.

Matt
I have obtained more information in relation to my disconnect issue. I made one change in the disconnect rule and tried to verify that it had been associated with the client correctly. In the Internet Logs directory I looked at the file AppCache_ _Offline_Internet Ver 2_1178177554336.xml. Here I can see that the firewall rules are included in the config:

```xml
<firewall>
  <expert>
    <rules>
      <rule name="Copy of Test to" enable="true" ml:refDescription="" ml:refId="19">
        <execute action="drop" log="logdb" />
        <destination>
          <ipaddress address="192.168.0.1" operation="eq" ml:refId="21" ml:refName="TestNetworkADSL" ml:refDescription="" />
        </destination>
        <protocols />
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
      <rule name="SSL Access" enable="true" ml:refDescription="SSL Access" ml:refId="11">
        <execute action="accept" />
        <source>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
          <ipaddress address="**" operation="eq" ml:refId="9" ml:refName="SSL_Gateway" ml:refDescription="" />
          <ipaddress address="***" operation="eq" ml:refId="14" ml:refName="SSL Gateway Internal" ml:refDescription="" />
        </source>
        <destination>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
          <ipaddress address="****" operation="eq" ml:refId="9" ml:refName="SSL_Gateway" ml:refDescription="" />
          <ipaddress address="*****" operation="eq" ml:refId="14" ml:refName="SSL Gateway Internal" ml:refDescription="" />
        </destination>
        <protocols />
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
      <rule name="WebAccess" enable="true" ml:refDescription="" ml:refId="15">
        <execute action="accept" log="logdb" />
        <source>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
        </source>
        <destination>
          <hostname name="*" operation="eq" ml:refId="19" ml:refName="Assist" ml:refDescription="" />
          <hostname name="*" operation="eq" ml:refId="20" ml:refName="Assist" ml:refDescription="" />
          <iprange address="10.0.0.0" toaddress="10.255.255.255" operation="in" ml:refId="16" ml:refName="Private10Range" ml:refDescription="" />
          <iprange address="172.16.0.0" toaddress="172.31.255.255" operation="in" ml:refId="17" ml:refName="Private172Range" ml:refDescription="" />
          <iprange address="192.168.0.0" toaddress="192.168.255.255" operation="in" ml:refId="18" ml:refName="Private192Range" ml:refDescription="" />
        </destination>
        <protocols>
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="80" ml:refSrcPorts="" ml:refDstPorts="80,8000,8080" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="8000" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="8080" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP" srcport="any" dstport="443" ml:refSrcPorts="" ml:refDstPorts="443" ml:refId="21" description="SSL" />
        </protocols>
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
      <rule name="Test_Policy_Dep" enable="true" ml:refDescription="" ml:refId="10">
        <execute action="drop" log="logdb" />
        <source>
          <ipaddress address="*****" operation="eq" ml:refId="13" ml:refName="Matt" ml:refDescription="" />
        </source>
        <destination>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
        </destination>
        <protocols />
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
      <rule name="BlockHTTP&amp;HTTPS" enable="true" ml:refDescription="" ml:refId="14">
        <execute action="drop" />
        <source>
          <ipaddress address="local" operation="eq" ml:refId="1" ml:refName="Client Computer" ml:refDescription="The client machine." />
        </source>
        <protocols>
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="80" ml:refSrcPorts="" ml:refDstPorts="80,8000,8080" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="8000" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="8080" ml:refId="2" description="Web Servers" />
          <tcpudpprotocol protocol="IP_TCP" srcport="any" dstport="443" ml:refSrcPorts="" ml:refDstPorts="443" ml:refId="21" description="SSL" />
        </protocols>
        <times>
          <daytimerange day1="ALL" />
        </times>
      </rule>
    </rules>
  </expert>
</firewall>
```

This gave me the impression that the config had been downloaded to the client correctly. But when I Ctrl+Alt+left-click the offline policy (the policy.xml file) within the client, I noticed that the config was not the same as the one in the Internet Logs dir:

```xml
<firewall>
  <expert>
    <rules />
  </expert>
</firewall>
<fwrestricted>
  <rules />
</fwrestricted>
```

Actually the offline policy did not include any config for the firewall rules. This config came from:

Check Point Integrity Agent version: 6.5.063.135
TrueVector version: 6.5.063.135
Driver version: 6.5.063.135
Anti-spyware engine version: 4.1.7.0
Anti-spyware signature DAT file version: 01.200512.210

But I have also tried the same with the latest agent and obtained the same results. Has anyone else come across this issue?

Many thanks,
Matt
You are looking at two different policies: your personal default policy, policy.xml, and the disconnect policy, Offline_Internet.xml. Your disconnected policy is not active when you are testing.
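The difference between the two files can be checked mechanically. The Python below is an added example, not code from this thread or from Check Point: it embeds a constructed policy fragment modelled on the expert rules posted above (the rules whose addresses are masked are left out, the `<times>` blocks are omitted, and the `ml:` prefix is bound to a placeholder namespace so the fragment parses) alongside a copy of the empty policy.xml fragment, then evaluates a few constructed flows against each. Top-down, first-match evaluation with accept as the fallback is an assumption made for the demo, as are the client address 192.168.0.10, the private host 10.1.2.3 and the public documentation addresses 203.0.113.5 and 203.0.113.53.

```python
from collections import namedtuple
import ipaddress
import xml.etree.ElementTree as ET

ML_NS = "urn:example:integrity-ml"  # assumption: placeholder URI so the ml: attribute prefix parses

# Constructed fragment modelled on the Offline_Internet rules in the thread: masked SSL gateway
# rules left out, <times> omitted (not evaluated here), only the rules the test flows touch.
OFFLINE_POLICY = f"""<policy xmlns:ml="{ML_NS}">
<firewall><expert><rules>
<rule name="Copy of Test to" enable="true" ml:refId="19">
  <execute action="drop" log="logdb"/>
  <destination><ipaddress address="192.168.0.1" operation="eq" ml:refName="TestNetworkADSL"/></destination>
  <protocols/>
</rule>
<rule name="WebAccess" enable="true" ml:refId="15">
  <execute action="accept" log="logdb"/>
  <source><ipaddress address="local" operation="eq" ml:refName="Client Computer"/></source>
  <destination>
    <iprange address="10.0.0.0" toaddress="10.255.255.255" operation="in"/>
    <iprange address="192.168.0.0" toaddress="192.168.255.255" operation="in"/>
  </destination>
  <protocols>
    <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="80"/>
    <tcpudpprotocol protocol="IP_TCP" srcport="any" dstport="443"/>
  </protocols>
</rule>
<rule name="BlockHTTP&amp;HTTPS" enable="true" ml:refId="14">
  <execute action="drop"/>
  <source><ipaddress address="local" operation="eq" ml:refName="Client Computer"/></source>
  <protocols>
    <tcpudpprotocol protocol="IP_TCP_UDP" srcport="any" dstport="80"/>
    <tcpudpprotocol protocol="IP_TCP" srcport="any" dstport="443"/>
  </protocols>
</rule>
</rules></expert></firewall>
</policy>"""

# Constructed copy of the empty policy.xml fragment the poster found in the client.
EMPTY_POLICY = f"""<policy xmlns:ml="{ML_NS}">
<firewall><expert><rules/></expert></firewall>
<fwrestricted><rules/></fwrestricted>
</policy>"""

_PROTO_FAMILY = {"IP_TCP_UDP": ("tcp", "udp"), "IP_TCP": ("tcp",), "IP_UDP": ("udp",)}
Flow = namedtuple("Flow", "src dst proto dport", defaults=(None,))  # proto: tcp/udp/icmp; dport None for icmp


def _entry_hit(elem, ip, local):
    """True if one <ipaddress>/<iprange>/<hostname> entry covers `ip` (operation eq/in only)."""
    if elem.tag == "ipaddress":
        return ip == (local if elem.get("address") == "local" else ipaddress.ip_address(elem.get("address")))
    if elem.tag == "iprange":
        return ipaddress.ip_address(elem.get("address")) <= ip <= ipaddress.ip_address(elem.get("toaddress"))
    if elem.tag == "hostname":
        return elem.get("name") == "*"  # a literal hostname would need DNS context; only the wildcard matches offline
    return False


def _endpoint_matches(rule, tag, ip, local):
    block = rule.find(tag)
    if block is None or len(block) == 0:  # absent or empty <source>/<destination> means any
        return True
    return any(_entry_hit(e, ip, local) for e in block)


def _protocol_matches(rule, proto, dport):
    block = rule.find("protocols")
    if block is None or len(block) == 0:  # <protocols/> means any protocol, so ICMP matches too
        return True
    for p in block.findall("tcpudpprotocol"):
        if proto in _PROTO_FAMILY.get(p.get("protocol"), ()) and (
            p.get("dstport") == "any" or (dport is not None and int(p.get("dstport")) == dport)
        ):
            return True
    return False


def evaluate(policy_xml, flow, local_ip="192.168.0.10", default="accept"):
    """Return (action, rule name) of the first enabled expert rule matching `flow`.

    Assumption: rules are checked top-down, first match wins, and an unmatched flow
    gets `default`; that is the semantics the rule order in the thread implies.
    """
    root = ET.fromstring(policy_xml)
    src, dst, local = (ipaddress.ip_address(a) for a in (flow.src, flow.dst, local_ip))
    for rule in root.iterfind("./firewall/expert/rules/rule"):
        if (rule.get("enable") == "true"
                and _endpoint_matches(rule, "source", src, local)
                and _endpoint_matches(rule, "destination", dst, local)
                and _protocol_matches(rule, flow.proto, flow.dport)):
            return rule.find("execute").get("action"), rule.get("name")
    return default, None


def compare(local_ip="192.168.0.10"):
    """Verdict per constructed flow as (under Offline_Internet rules, under empty policy.xml).

    Flows from the client: ping the gateway, HTTPS to a private host, HTTPS to a public
    host (203.0.113.5 is a documentation address) and DNS to a public resolver."""
    flows = (Flow(local_ip, "192.168.0.1", "icmp"), Flow(local_ip, "10.1.2.3", "tcp", 443),
             Flow(local_ip, "203.0.113.5", "tcp", 443), Flow(local_ip, "203.0.113.53", "udp", 53))
    return {f: (evaluate(OFFLINE_POLICY, f, local_ip), evaluate(EMPTY_POLICY, f, local_ip)) for f in flows}
```

`compare()` returns, for each flow, the (action, rule) pair under each file: the ping to 192.168.0.1 and HTTPS to a public host are dropped only under the Offline_Internet rules, while the empty policy.xml matches nothing and every flow falls through to the default. That is the behaviour to expect if policy.xml, not the disconnect policy, is the file in force during the test.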