CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > SecureClient/SecuRemote
Updating the SecureClient Desktop Policy Updating the SecureClient Desktop Policy
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-10-02
Junior Member
  
Join Date: 2006-06-15
Location: Calgary, Alberta
Posts: 1
Rep Power: 0
richardsj has an average reputation (10+)
Default Updating the SecureClient Desktop Policy
Is there a way that you could have SecureClient call home, so to speak, when the user is on the internal network. We have to change the desktop inbound rules but would like to update the policy without the user having to "update site" or logon. Does anyone know of a way to do this? Is there a file we could deploy through SMS or AD when they logon that changes the policy? Any help appreciated.

Thanks

John
Reply With Quote
  #2 (permalink)  
Old 2007-10-03
Member
  
Join Date: 2007-01-12
Location: Switzerland
Posts: 43
Rep Power: 0
Dominik Zanolari has an average reputation (10+)
Default Re: Updating the SecureClient Desktop Policy
This is one of your requirements, too.

I've spoken to CheckPoint a while ago and was told, the only way to update the Desktop Policy is to logon at the site.

At least for the configuration, you modify the userc.c with scripts, that works quite fine if it is not encrypted.
Reply With Quote
  #3 (permalink)  
Old 2007-10-08
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,670
Rep Power: 5
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: Updating the SecureClient Desktop Policy
Upgrade to Integrity SecureClient when Integrity version 7 is released (next few months <crossed-fingers>).

Integrity will then handle the policies and will update as soon as it has access to the server (local, VPN, Internet)
Reply With Quote
  #4 (permalink)  
Old 2007-10-09
Senior Member
  
Join Date: 2006-04-30
Location: Europe, Germany
Posts: 153
Rep Power: 3
dsb.nepo has an average reputation (10+)
Default Re: Updating the SecureClient Desktop Policy
Quote:
Upgrade to Integrity SecureClient when Integrity version 7 is released (next few months <crossed-fingers>).

Integrity will then handle the policies and will update as soon as it has access to the server (local, VPN, Internet)
This sounds interesting, I have never worked with integrety so my question is about the license.
Witch license is needet to run this client at top of CPVP-VEE+CPVP-VPS+CPVP-VSC?
Reply With Quote
  #5 (permalink)  
Old 2007-10-09
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,670
Rep Power: 5
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: Updating the SecureClient Desktop Policy
You will need a CPVP-VSI in addition to the firewall and management licenses.
Your reseller should be able to get you some good upgrade pricing on it.
Reply With Quote
  #6 (permalink)  
Old 2007-11-08
Junior Member
  
Join Date: 2005-11-11
Posts: 23
Rep Power: 0
jrdld has an average reputation (10+)
Default Re: Updating the SecureClient Desktop Policy
I haven't tried this myself, but I'd guess you could do this by logging on to the gateway from one "Master" machine, which would update the firewall policy held in

C:\Program Files\Checkpoint\SecuRemote\policy\local.dt

and possibly the topology held in

C:\Program Files\Checkpoint\SecuRemote\database\userc.C

Then you could push the file(s) to all the other machines and restart the Secureclient services. Or maybe stop the services, push the file(s), and then restart the SC services.

JR
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 17:07.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0