Securemote and Office Mode

[philuxe]

Hi all,


I have a question regarding SecuRemote with Office Mode.

Since I don't need the Desktop Security feature I wanted to use SecuRemote which is free, but Securemote doesn't support (at my known) Office Mode
which allow you to assign a IP address to the client. I need to assign an IP to each client because sometimes they use the same LAN addressing.

Trouble is when you install SecureClient on a computer it locks every access and thats not possible in my case since the VPN client
must be installed on employee home computers.

So question are :
1/ Is it possible to install Securemote as VPN client and make it working in Office Mode if I purchase the 25 SecureClient clients licence for the VPN-1 Gateway ????
2/ If YES, should I buy a second 25 SecureClient clients licence since the gateway is a IPSO cluster with two nodes ?



Hope I am clear

Thx

[ddarby1]

Hi Philuxe,

You're correct in that SecuRemote does not support Office Mode.

Unfortunately what I think this means for you is that the 'Office Mode' check box will never be available (grayed-out) in the Advanced Options section of SecuRemote and therefore the client will never ask for an Office Mode IP address from the Enforcement Module.

The answer to your question #1 is 'no' in this case.

Would it not be possible to use SecureClient and customise the desktop Policy so that their home access is not restricted (i.e. something like allow all in both directions)? Obviously you'd have to take account of risks to their computers, your organisation, etc.

[Sergej]

You can use windows native VPN client. This will provide Office Mode and no Desktop Security.


P.S. I hate Desktop Security. Do you want where I can join Desktop Security haters club? :)

[philuxe]

Yes I can use the windows native IPSEC client.

But should I purchase secureclient licences for the gateway in order it assigns IP addresses to clients ???

[Sergej]

As far as I know you do not need policy server to assign IP addresses for native windows VPN clients. SecureClient license allow you to select Policy Server (the component where Centralized Policy we all hate stored)

[philuxe]

Indeed it seems that is possible to use secureclient (with office mode) without any licence !!
I have tested if the first time with my eval licence then I have removed it and that still works :))))

Sergej > ur right, secureclient licence is only needed if we need to use Policyserver !!

I am not sure but that my conclusion and that I can see working here.

[dramirez]

Quote:

Originally Posted by philuxe

Indeed it seems that is possible to use secureclient (with office mode) without any licence !!
I have tested if the first time with my eval licence then I have removed it and that still works :))))

Sergej > ur right, secureclient licence is only needed if we need to use Policyserver !!

I am not sure but that my conclusion and that I can see working here.

Just to let you know, my salesrep just told me that the license check for OM could be enforced at any time between versions... At this time on R61 the check is not done.

[chillyjim]

Quote:

Originally Posted by dramirez

Just to let you know, my salesrep just told me that the license check for OM could be enforced at any time between versions... At this time on R61 the check is not done.

Same thing I've been told. Bitch moan and gron that this function, along with NAT-T is included free with other vendors VPN client. Not that I really think it will help but you never know.

[veste]

Quote:

Originally Posted by Sergej

As far as I know you do not need policy server to assign IP addresses for native windows VPN clients. SecureClient license allow you to select Policy Server (the component where Centralized Policy we all hate stored)

are there documents how to do this anywhere?
i could not find anything searching the web & cpug

regards, s.

[chillyjim]

Quote:

Originally Posted by veste

are there documents how to do this anywhere?
i could not find anything searching the web & cpug

All of the documentation is on the Check Point CD. You want to look in the VPN guide.