SNX and IntegrityClientLess

[docstephano]

Hello,
deploying a R65 SNX environment, I'd like to enable ICS but also be able to specify what I want to check on the client.
I couldn't find appropriate doc/tutorial, so I installed the Integrirty software on the machine too.
Nice web interface... but how do I manage the content of the $FWDIR/conf/extender/request.xml ?
I folowed the SNX helpfile but couldn't find the report.asp...


So, I'm wondering if ICS and Integriry (Agent or Flex) are really from the same family, aren't they ?

or is there a help file describing the request.xml synthax ?

[craig999]

The user forums, SK, and indeed the entire Internet seem void of any reference information for this. I will post my notes of what I did to do some minor tweaking. I am in R65 HA SPLAT environment, using SSL Network extender and INtegrity Clientless security without a connectra box.

How to change what is scanned by ICS during logon
The ICS Configuration Tool (download from checkpoint site) is a simple editor that requires no install which can edit request.xml which is one of the files to control ICS for SSL VPN users. There are simple radio buttons for worms, Trojan horses, hacker tools etc.

I changed the default to not check for 3rd party cookies.

Request.xml is found on your gateway(s) in
$FWDIR/conf/extender which is on my GW is /opt/CPsuite-R65/fw1/conf/extender

I use WinSCP to copy request.xml to/from the gateway(s).

To set the default selected browser to current browser not Integrity Secure Browser
Edit isb.html.
If you copy from the gateway to local machine you can edit with notepad.
The file is located in:
$FWDIR/conf/extender which is /opt/CPsuite-R65/fw1/conf/extender
Change the script below to have a different radio-button checked, by moving the "checked" string:
From this:
<p><script>document.write(choose_browser)</script></p>
<p><input type="radio" name="loginType" id="SecureSurf" value="SecureSurf" checked>&nbsp;<script>document.write(isb_browser)</script></p>
<p><input type="radio" name="loginType" id="Standard" value="Standard">&nbsp;<script>document.write(curr ent_browser)</script></p>
<p><input type="button" id="Continue" NAME="Continue" value="" align="absmiddle" onclick="select_browser(getElementById('Standard') .checked)"></p>
<script>document.getElementById('Continue').valu e = ics_continue;</script></p>
<p><script>document.write(recommend_isb)</script></B></p>

To this:
<p><script>document.write(choose_browser)</script></p>
<p><input type="radio" name="loginType" id="SecureSurf" value="SecureSurf">&nbsp;<script>document.write(is b_browser)</script></p>
<p><input type="radio" name="loginType" id="Standard" value="Standard" checked>&nbsp;<script>document.write(current_brows er)</script></p>
<p><input type="button" id="Continue" NAME="Continue" value="" align="absmiddle" onclick="select_browser(getElementById('Standard') .checked)"></p>
<script>document.getElementById('Continue').valu e = ics_continue;</script></p>
<p><script>document.write(recommend_isb)</script></B></p>

To Change wording on the browser select screen
Updated Isb.html file.
To change “ICS browser is recommended” text to “protected by ICS” text
Change this:
<p><script>document.write(recommend_isb)</script></B></p>
To this:
<p><script>document.write(powered_by_ics)</script></B></p>

To change wording of any messages displayed during creation of session and logon
Messages.js contains all the messages, you can change them as you wish. Use your favorite editor, I use ultraedit.
Located in $FWDIR/conf/extender which is /opt/CPsuite-R65/fw1/conf/extender/english

I changed text of choose_browser to remove verbiage about how “use of current browsermay permit unauthorized access…”
You can also substitute different messages in the html where it says “document.write(message_name)”.

NEED HELP ON THIS ONE - How to remove the need for the user to click the Continue button on the Browser selection screen
There is some java script in source file isb.html that seems to wait for you to click the Continue button and calls the select_browser function:

<p><input type="button" id="Continue" NAME="Continue" value="" align="absmiddle" onclick="select_browser(getElementById('Standard') .checked)"></p>

The select_browser function is in source file cookies.js
function select_browser(standard)
{
if (standard)
location.href = "index.html";
else
location.href = "download_isb.html";
}

I am not familiar with java script so not sure how to change this so instead of onclick it will just click itself, while still retaining the correct parameter settings it would have obtained if the user had clicked the page.