Losing the Enterprise policy in integrity client?

[Checkpoint Newb]

We have a bunch of employees that lose their enterprise policy.

Checkpoint came back to us with a suggestion to of reinstalling the policy through replacing some of the xml files that normally go in C:\Windows\Internet Logs.

The only problem is that requires users to go into Safe Mode to do it. And having users do anything in safe mode is a little sketchy.

So far our helpdesk has just been reinstalling it for the users, but they'd like a better solution.

Any thoughts?

[CSING]

Assuming that you are using 6.5 can you identify any error messages in the windows event viewer? Look for IAMDB.RDB corruption errors. This is generally the cause of issues that require a re-install to get the enterprise policy. This corruption issue has been resolved in build 175 and will be incorperated in HFA6 for 6.5 due out early August. I have made a lot of assumptions but you didn't give us much to go on.

hth

[Checkpoint Newb]

Thanks for the information, I'll see about getting information from some users' event viewer to see if that's the case.

[CSING]

You may get by without a reinstall if you export a known good personal policy (cntl-alt double click on the personal policy) This can be cut and pasted into an new *.xml file. Then from the affected client run the command iclient -config *.xml. This may allow you to connect to the integrity server and download the correct enterprise policy, without going into safe mode or re-installing.

[Checkpoint Newb]

Yeah, that's pretty much what Checkpoint gave us. As it turns out, we're not quite up to the latest version of the server, yet the clients have been updated....

We've got some fun coming up with updates this weekend.

[CSING]

HFA06 clears up a lot of these issue and should be out in a couple of weeks.

[ffaber]

Hello,

We have a similar issue. We have one user who is abroad all the time and connects to the company network through SecureClient VPN. After a week or 2-3 he looses the Enterprise policy in his Integrity Agent. This is no incident. The solution is to connect to the company LAN. Then he gets the Enterprise policy right away and he can work again for 2 to 3 weeks.
Is there a time-out for a Enterprise policy when working remote? Anyone who experienced the same?

Thanks

[unclerichard]

Hi ffaber,

Yes, I have seen this happen quite a few times and the 'reset' option that was shipped with HFA06 (v188) clears this up a treat after the subsequent restart. (CTRL-SHIFT right-click the Integrity systray icon). I can simulate this quite happily by forcing a power off of the endpoint which seems to trash the local .mdb files.

Unc

[CSING]

This may be related to how your catalogs are setup.

Do you have a Catalog setup for the VPN gateway he is using? If not then he should technically getting a different policy than when connecting to the lan. Version number of SC and Integrity would be helpful.

What other behavior does this problem exhibit? When the enterprise policy disappears is there just the personal policy? When he connects to the VPN does the personal policy remain active? Does SC diconnect him from the vpn without the Corperate policy?

[ffaber]

Yes I have defined a NT-domain Catalog, only for the Integrity Firewall not for the VPN gateway. So there is no relation yet with SC (R60) and the Integrity Agent (135) except for the license.

When the enterprise policy disappears is there just the personal policy? Yes only the default Policy
When he connects to the VPN does the personal policy remain active? No, normaly the Enterprise policy should remain active.
Does SC diconnect him from the vpn without the Corperate policy? No

Is this EndpointSecurity_Agent_70843_en.msi the latest version? (HFA6)

Thanks,
Frank

[CSING]

The default policy is not the personal policy...unless you renamed the policy. The default policy often is the system provided enterprise policy that is attached to the enterprise when the catalog policies do not apply.

It may be that the endpoint is getting an enterprise policy...the default and that you should check you entities to see if any of them have the default policy assigned.

NO that is not a 6.5 client it is a 7.0 client.

-cs