| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Hello: I'm curious about what anyone has experienced using this product. I'm especially interested in problems, difficulties, and anomalies. If you could post what you've done or tried and what happened that'd be great. Regards, Robert Graham |
| |||
| Hi Robert, I'm deploying Check Point Integrity for the first time. After 3 weeks of problems regarding integration with CKP Gateway, it's finally working... CKP Integrity is really good and works as described in datasheet. If you decide to install, you won't be sorry. If you have any doubts, I'll be happy to assist you. Regards, Leandro |
| |||
| Quote:
-jlh |
| |||
| Hi :) I'm a French student and currently I'm doing my internship. I have to put in place a simple Integrity solution and it's done... (client Flex and Agent + server standalone and incorporated database without LDAP or RADIUS...) But I have to do a restore/backup procedure... and I don't know how to do this :( Maybe I have to copy all the directory... but I think it's not really good. Have you got a better solution? It will be so great if you've got a better solution. Thanks |
| |||
| From Installation Guide "To back up your Integrity installation: 1. Make a copy of the entire home directory and save it to a safe location. The default is C:\Program Files\Zone Labs\Integrity for 5.x versions and C:\Program Files\CheckPoint\Integrity for 6.x versions. 2. Back up your database. If your installation includes an embedded database, your backup is already complete. If your installation uses a third-party database, use the preferred vendor-specific tool to back up the database." |
| |||
| Regarding backing up... You'll probably have to stop the process though, even though it doesn't say it in the Server Installation Guide. They might still be readable, so you'd want to test both. The problem of not stopping the daemon/service is that it might change a file while you're copying. This would be bad. Is your installation a cluster? |
| |||
| Thanks for your help, I found this solution in the doc :) and I tried to do it but it didn't work... I backed up a Linux install and tried to use it with a Windows upgrade install, so I guess that's why I didn't succeed. I'll try today an upgrade install on Linux with my Linux save. I've got another question: I tried to encrypt IM messages between 2 clients with Integrity Flex and MSN but nothing, I'm still seeing the message with no encryption... Maybe someone already tried this feature on Integrity. Thanks |
| |||
| If you select encrypted IMs in the policy the following URL is shown in the IM window while chatting... http://www.zonelabs.com/imSecurity Install the app and it should work. |
| |||
| I have been working with the deployment of Check Point Integrity for 2 months and have all sorts of issues with it. Here is my server info: Integrity Version Information Product: Integrity Server Version: 6.50.616.000 Anti-Spyware Version Information Engine Version: 4.1.7.0 DAT version: 01.200604.243 I have an NT Domain Entity. I have added all of our private subnets to the Access Zones in the policy. I have the policy almost completely stripped out with no blocking. I added a disconnect and a connected policy with the client package. After I deployed the client, the users are having trouble printing, getting into any AD Tools, mapping drives etc. Most of all, even if the staff member shuts down the Integrity Software it still affects them. We must uninstall the software sometimes in order for it to stop the issues. Has anyone come across any of these issues? Any advice would be greatly appreciated. Thank you. Last edited by dlecato; 2006-05-09 at 07:42. |
| |||
| We've been using custom ID for our implementation, because the other solutions don't scale. We've requested that CheckPoint put scalable enterprise/ISP ready auth methods like non-import LDAP and RADIUS in the product. So, I can't speak for any auth tied to AD. Having said that, whenever you stop the Integrity client service, there should be no way that it can interfere with traffic. Make sure that the processes are also stopped. To be sure, you would probably want to do packet dumps to confirm this. If it does, that's clearly a bug and should be submitted to CheckPoint - TSR behavior...
The closest we came to an issue like this was with Outlook. We don't know yet how to allow the Exchange server to contact the Outlook client to tell it there's new mail for it. But, there's a workaround for that too, we're just not sure if our customers will accept it. |
| |||
| One problem that we had, re: nested groups, was that Integrity on SPLAT didn't work...but when we tried it on a W2003 server, it worked fine. Seems like some hiccup with LDAP standards, or perhaps the LDAP client on SPLAT? |
| |||
| Quote:
I've seen some other reports of this type of behavior, and seem to remember someone saying nested groups are not supported. |
| |||
| Specific issues I have encountered: Integrity v6.5.063.056 agent/flex client will not let our Windows Mobile 5.0 devices talk to the locally attached laptop – connection is via a USB cable. It works fine with our Pocket PC 2001 & 2003 PDAs, but it refuses to let the traffic to and from the iPAQ, claiming it's trying to route to an internet server from our trusted zone? Import of reference source works, but there are no programs displayed in the reference display box. Import via Programs / Reference Sources / Import: some of the imports work OK and all the files are imported; for the new ones I am trying to add, the import runs, but when I check the list of reference programs it’s not listed. On the new v6.5 servers I had the same issue when trying to import via global policy settings / reference sources / import. Some of the files imported, but not all of them. With this I then imported the reference file via global policy settings / reference sources / programs / manually added and when I went back and re-imported the reference scan via global policy settings / reference sources / import, it worked. This option is not available on the 4.5 servers, which is a major issue for me. Unable to successfully generate a certificate request from the 6.5 servers, tried to put in ‘xxxxxxxxx.xx.xxx-xxxx.xxxxxxxx’ however it will not let me put in a FQDN that is that long, all I can put in is ‘xxxxxxxxx.xx.xxx-xxxx.xxx’. Integrity SQL database can’t be installed on named instance databases, it can only be installed on the Default instance. With our large, clustered DB environment this does not fit well with our deployment mode. DB performance seems to be poor to indifferent. Current DB server is an 8-way IBM 440 with 12gb of RAM and 500gb SAN storage – but performance still seems to be indifferent.
Currently, of 250 deployed test clients, I have 120 that are generating over 500,000 client errors a day – ‘Attempted policy download failed’. All are compliant and on the corporate LAN and connected to the Integrity cluster, but I can’t figure out the issue. I have a problem with CA apps – in that each time they start they send a broadcast packet to a couple of Internet addresses. This means that my client event log for applications is absolutely massive and I can’t find any way to filter the broadcasts out to easily look at genuine application events and monitor what’s going on. Current setup is multiple IBM blade servers in clusters linked via Cisco content switches. Servers are all W2K3 SP1. The DB is on a fairly powerful cluster, but I can't say I am impressed by its performance. All the servers connect via GB networking and all clients connect via 100mb full duplex connections. VPN connection is managed via two integrated Cisco 3000 VPN boxes and a couple of 20mb pipes. Flex and Integrity Agents are deployed, with a mixture of Enterprise, Disconnected and Personal policy files. Last edited by dingo8mybaby; 2006-08-23 at 03:53. |
| |||
| Quote:
Thx. |
| |||
| One of the problems that I am experiencing at the moment is that if you set up the Integrity firewall to block all traffic except the traffic you want to accept, you end up blocking access to some of the access points available at airports, hotels, cafes, etc. There is no standard port (not that I'm aware of) used for access points. Therefore, in many cases our employees must disable the firewall in order to connect. I would like to enable the feature that disables the ability to shut down the firewall, but I cannot due to this problem. Has anybody found a solution to this? Thanks. |