To mark or unmark automatically SecuRemote

[Pacofe]

Hi there,

we have some users that usually work inside our net but sometimes need to work outside from our intranet. In both cases they work through the ethernet adapter

When they are in the intranet, they have the Check Point SecuRemote unmarked on the TCP/IP properties in order to not encrypt the comunications.
When they are outside our intranet, they have the Check Point SecuRemote marked on the TCP/IP properties in order to establish a VPN with our site.

Our users are not administrators users, therefore they can't change TCP/IP's properties.

Is there someway of do it automatically by a command or script?

Thanks!

Best regards.

[dsb.nepo]

Normaly there is no need to change tcp/ip settings at the client site.

At the client do the following steps.
- stop SecureClient/Remote
- make shure SecueClient/Remote is enabled at the Ethernet adapter (tcp/ip) settings.
- set the following parameter in the file userc.C to true
:allow_clear_in_enc_domain (true)

Check this parameter again after a successfull connect to the vpn gateway!

With newer version of CP you have this option in SmartDashboard

[Policy] -> [Global Properties] -> (Remote Access) -> (VPN Advanced)

When disconnected traffic to the encrypion domain will be
[ ] Dropped
[X] Send in clear

If this is not working for you give a little more detail.
CP Version, SecureClient/Remote version maybe OS

[Pacofe]

Thanks dsb.nepo,

I think this is the solution we was looking for.

I've test it and it works properly although I think I have some problems with the Desktop Rules.

Thanks!

[dsb.nepo]

for the desktop rules keep in mind
- All Users@ -> rules apply if the client is disconnected
- DefinedUserGroup@ -> rules apply if the client is connected

You can verify this if you open the CheckPoint diagnose at the client side
from the 'windows program menu' and watch the applied rules.