"Chris Moore" wrote in message
news:Mulfc.5010$fq4.3367@lakeread05...
> I have the following problem:
>
> When PC's with the SecureClient are on the LAN the software reverts to the
> Default policy and the firewall blocks all traffic coming to it i.e. I
> cannot ping the clients nor push my Antivirus installations, access
shares,
> etc.
>
> If I Disable the default policy i.e. no protection, everything works fine
>
> If I log in from an external internet connection then I get the
personalised
> policy loaded and everything works fine as it should.
>
> How can I get the clients to behave properly on the LAN so they are
> accessible for management purposes. Why do they not default to the policy
> server and use the personalised policy, why do they use the default and
> block everything??
>
> I have setup as far as I know correctly the FW and client software - have
> followed the VPN client install guide from the Checkpoint site.
>
> Any advice would be greatly appreciated!!!
>
> Checkpoint Firewall 1 NG FP3
> Checkpoint SecureClient various builds all with the same issue
>
> Thanks
>
> Chris
>


Are you saying that your clients are on a LAN behind the firewall and have
SecureClient active? Why would you use SecureClient on the LAN?

Chris.

Microsoft clients have GPO (group policy/system policy) to enforce
configurations within he Domain. The post did not mention what OS the client
are running; however, using SecureClient on the LAN can be useful in
enforcing similar strictures.

So, one obvious question...what OS is running on the client machines...why
not use group policies or system policies instead (if you are running NT or
W2K/W2K03)? By the way none of your clients are running Win 95, which is no
longer supported for SecureClient.
"Chris" wrote in message
news:KkudnYotZMDE3-PdSa8jmw@karoo.co.uk...
>
> "Chris Moore" wrote in message
> news:Mulfc.5010$fq4.3367@lakeread05...
> > I have the following problem:
> >
> > When PC's with the SecureClient are on the LAN the software reverts to
the
> > Default policy and the firewall blocks all traffic coming to it i.e. I
> > cannot ping the clients nor push my Antivirus installations, access
> shares,
> > etc.
> >
> > If I Disable the default policy i.e. no protection, everything works
fine
> >
> > If I log in from an external internet connection then I get the
> personalised
> > policy loaded and everything works fine as it should.
> >
> > How can I get the clients to behave properly on the LAN so they are
> > accessible for management purposes. Why do they not default to the
policy
> > server and use the personalised policy, why do they use the default and
> > block everything??
> >
> > I have setup as far as I know correctly the FW and client software -
have
> > followed the VPN client install guide from the Checkpoint site.
> >
> > Any advice would be greatly appreciated!!!
> >
> > Checkpoint Firewall 1 NG FP3
> > Checkpoint SecureClient various builds all with the same issue
> >
> > Thanks
> >
> > Chris
> >
>
>
> Are you saying that your clients are on a LAN behind the firewall and have
> SecureClient active? Why would you use SecureClient on the LAN?
>
> Chris.
>
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.657 / Virus Database: 422 - Release Date: 4/13/2004

All clients are Windows XP

SecureClient loads on bootup as per the default installation hence the
firewall kicking off with no policy when the users are on the LAN.

Hope this provides more useful info.

Thanks for the replies so far


Chris
"zenner @pacbell.net>" wrote in message
newsLvfc.37034$Kq5.19589@newssvr29.news.prodigy.com...
> Microsoft clients have GPO (group policy/system policy) to enforce
> configurations within he Domain. The post did not mention what OS the
client
> are running; however, using SecureClient on the LAN can be useful in
> enforcing similar strictures.
>
> So, one obvious question...what OS is running on the client machines...why
> not use group policies or system policies instead (if you are running NT
or
> W2K/W2K03)? By the way none of your clients are running Win 95, which is
no
> longer supported for SecureClient.
> "Chris" wrote in message
> news:KkudnYotZMDE3-PdSa8jmw@karoo.co.uk...
> >
> > "Chris Moore" wrote in message
> > news:Mulfc.5010$fq4.3367@lakeread05...
> > > I have the following problem:
> > >
> > > When PC's with the SecureClient are on the LAN the software reverts to
> the
> > > Default policy and the firewall blocks all traffic coming to it i.e. I
> > > cannot ping the clients nor push my Antivirus installations, access
> > shares,
> > > etc.
> > >
> > > If I Disable the default policy i.e. no protection, everything works
> fine
> > >
> > > If I log in from an external internet connection then I get the
> > personalised
> > > policy loaded and everything works fine as it should.
> > >
> > > How can I get the clients to behave properly on the LAN so they are
> > > accessible for management purposes. Why do they not default to the
> policy
> > > server and use the personalised policy, why do they use the default
and
> > > block everything??
> > >
> > > I have setup as far as I know correctly the FW and client software -
> have
> > > followed the VPN client install guide from the Checkpoint site.
> > >
> > > Any advice would be greatly appreciated!!!
> > >
> > > Checkpoint Firewall 1 NG FP3
> > > Checkpoint SecureClient various builds all with the same issue
> > >
> > > Thanks
> > >
> > > Chris
> > >
> >
> >
> > Are you saying that your clients are on a LAN behind the firewall and
have
> > SecureClient active? Why would you use SecureClient on the LAN?
> >
> > Chris.
> >
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.657 / Virus Database: 422 - Release Date: 4/13/2004
>
>

"Chris Moore" wrote in message
news:ArGfc.7569$fq4.718@lakeread05...
> All clients are Windows XP
>
> SecureClient loads on bootup as per the default installation hence the
> firewall kicking off with no policy when the users are on the LAN.
>
> Hope this provides more useful info.
>
> Thanks for the replies so far
>
>

The point is, do you want to run SecureClient on the LAN or is it just for
when the clients are out of the office? If so then you can just create a
hardware profile that has SecureClient active when out of the office and not
active when on the LAN.

Chris.

Yeah, guess a hw profile controlling the services will do it, thought there
might be a more elegant method of keeping the client configured right for
both requirements.

Thanks


Chris


"Chris" wrote in message
news:dCKdnX3pOIQDF-LdSa8jmw@karoo.co.uk...
>
> "Chris Moore" wrote in message
> news:ArGfc.7569$fq4.718@lakeread05...
> > All clients are Windows XP
> >
> > SecureClient loads on bootup as per the default installation hence the
> > firewall kicking off with no policy when the users are on the LAN.
> >
> > Hope this provides more useful info.
> >
> > Thanks for the replies so far
> >
> >
>
> The point is, do you want to run SecureClient on the LAN or is it just for
> when the clients are out of the office? If so then you can just create a
> hardware profile that has SecureClient active when out of the office and
not
> active when on the LAN.
>
> Chris.
>
>