checkpoint secure client VPN-1 - Firewalls

This is a discussion on checkpoint secure client VPN-1 - Firewalls ; I have the following problem: When PC's with the SecureClient are on the LAN the software reverts to the Default policy and the firewall blocks all traffic coming to it i.e. I cannot ping the clients nor push my Antivirus ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: checkpoint secure client VPN-1

  1. checkpoint secure client VPN-1

    I have the following problem:

    When PC's with the SecureClient are on the LAN the software reverts to the
    Default policy and the firewall blocks all traffic coming to it i.e. I
    cannot ping the clients nor push my Antivirus installations, access shares,
    etc.

    If I Disable the default policy i.e. no protection, everything works fine

    If I log in from an external internet connection then I get the personalised
    policy loaded and everything works fine as it should.

    How can I get the clients to behave properly on the LAN so they are
    accessible for management purposes. Why do they not default to the policy
    server and use the personalised policy, why do they use the default and
    block everything??

    I have setup as far as I know correctly the FW and client software - have
    followed the VPN client install guide from the Checkpoint site.

    Any advice would be greatly appreciated!!!

    Checkpoint Firewall 1 NG FP3
    Checkpoint SecureClient various builds all with the same issue

    Thanks

    Chris



  2. Re: checkpoint secure client VPN-1


    "Chris Moore" wrote in message
    news:Mulfc.5010$fq4.3367@lakeread05...
    > I have the following problem:
    >
    > When PC's with the SecureClient are on the LAN the software reverts to the
    > Default policy and the firewall blocks all traffic coming to it i.e. I
    > cannot ping the clients nor push my Antivirus installations, access

    shares,
    > etc.
    >
    > If I Disable the default policy i.e. no protection, everything works fine
    >
    > If I log in from an external internet connection then I get the

    personalised
    > policy loaded and everything works fine as it should.
    >
    > How can I get the clients to behave properly on the LAN so they are
    > accessible for management purposes. Why do they not default to the policy
    > server and use the personalised policy, why do they use the default and
    > block everything??
    >
    > I have setup as far as I know correctly the FW and client software - have
    > followed the VPN client install guide from the Checkpoint site.
    >
    > Any advice would be greatly appreciated!!!
    >
    > Checkpoint Firewall 1 NG FP3
    > Checkpoint SecureClient various builds all with the same issue
    >
    > Thanks
    >
    > Chris
    >



    Are you saying that your clients are on a LAN behind the firewall and have
    SecureClient active? Why would you use SecureClient on the LAN?

    Chris.



  3. Re: checkpoint secure client VPN-1

    Microsoft clients have GPO (group policy/system policy) to enforce
    configurations within he Domain. The post did not mention what OS the client
    are running; however, using SecureClient on the LAN can be useful in
    enforcing similar strictures.

    So, one obvious question...what OS is running on the client machines...why
    not use group policies or system policies instead (if you are running NT or
    W2K/W2K03)? By the way none of your clients are running Win 95, which is no
    longer supported for SecureClient.
    "Chris" wrote in message
    news:KkudnYotZMDE3-PdSa8jmw@karoo.co.uk...
    >
    > "Chris Moore" wrote in message
    > news:Mulfc.5010$fq4.3367@lakeread05...
    > > I have the following problem:
    > >
    > > When PC's with the SecureClient are on the LAN the software reverts to

    the
    > > Default policy and the firewall blocks all traffic coming to it i.e. I
    > > cannot ping the clients nor push my Antivirus installations, access

    > shares,
    > > etc.
    > >
    > > If I Disable the default policy i.e. no protection, everything works

    fine
    > >
    > > If I log in from an external internet connection then I get the

    > personalised
    > > policy loaded and everything works fine as it should.
    > >
    > > How can I get the clients to behave properly on the LAN so they are
    > > accessible for management purposes. Why do they not default to the

    policy
    > > server and use the personalised policy, why do they use the default and
    > > block everything??
    > >
    > > I have setup as far as I know correctly the FW and client software -

    have
    > > followed the VPN client install guide from the Checkpoint site.
    > >
    > > Any advice would be greatly appreciated!!!
    > >
    > > Checkpoint Firewall 1 NG FP3
    > > Checkpoint SecureClient various builds all with the same issue
    > >
    > > Thanks
    > >
    > > Chris
    > >

    >
    >
    > Are you saying that your clients are on a LAN behind the firewall and have
    > SecureClient active? Why would you use SecureClient on the LAN?
    >
    > Chris.
    >
    >



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.657 / Virus Database: 422 - Release Date: 4/13/2004



  4. Re: checkpoint secure client VPN-1

    All clients are Windows XP

    SecureClient loads on bootup as per the default installation hence the
    firewall kicking off with no policy when the users are on the LAN.

    Hope this provides more useful info.

    Thanks for the replies so far


    Chris
    "zenner @pacbell.net>" wrote in message
    newsLvfc.37034$Kq5.19589@newssvr29.news.prodigy.com...
    > Microsoft clients have GPO (group policy/system policy) to enforce
    > configurations within he Domain. The post did not mention what OS the

    client
    > are running; however, using SecureClient on the LAN can be useful in
    > enforcing similar strictures.
    >
    > So, one obvious question...what OS is running on the client machines...why
    > not use group policies or system policies instead (if you are running NT

    or
    > W2K/W2K03)? By the way none of your clients are running Win 95, which is

    no
    > longer supported for SecureClient.
    > "Chris" wrote in message
    > news:KkudnYotZMDE3-PdSa8jmw@karoo.co.uk...
    > >
    > > "Chris Moore" wrote in message
    > > news:Mulfc.5010$fq4.3367@lakeread05...
    > > > I have the following problem:
    > > >
    > > > When PC's with the SecureClient are on the LAN the software reverts to

    > the
    > > > Default policy and the firewall blocks all traffic coming to it i.e. I
    > > > cannot ping the clients nor push my Antivirus installations, access

    > > shares,
    > > > etc.
    > > >
    > > > If I Disable the default policy i.e. no protection, everything works

    > fine
    > > >
    > > > If I log in from an external internet connection then I get the

    > > personalised
    > > > policy loaded and everything works fine as it should.
    > > >
    > > > How can I get the clients to behave properly on the LAN so they are
    > > > accessible for management purposes. Why do they not default to the

    > policy
    > > > server and use the personalised policy, why do they use the default

    and
    > > > block everything??
    > > >
    > > > I have setup as far as I know correctly the FW and client software -

    > have
    > > > followed the VPN client install guide from the Checkpoint site.
    > > >
    > > > Any advice would be greatly appreciated!!!
    > > >
    > > > Checkpoint Firewall 1 NG FP3
    > > > Checkpoint SecureClient various builds all with the same issue
    > > >
    > > > Thanks
    > > >
    > > > Chris
    > > >

    > >
    > >
    > > Are you saying that your clients are on a LAN behind the firewall and

    have
    > > SecureClient active? Why would you use SecureClient on the LAN?
    > >
    > > Chris.
    > >
    > >

    >
    >
    > ---
    > Outgoing mail is certified Virus Free.
    > Checked by AVG anti-virus system (http://www.grisoft.com).
    > Version: 6.0.657 / Virus Database: 422 - Release Date: 4/13/2004
    >
    >




  5. Re: checkpoint secure client VPN-1


    "Chris Moore" wrote in message
    news:ArGfc.7569$fq4.718@lakeread05...
    > All clients are Windows XP
    >
    > SecureClient loads on bootup as per the default installation hence the
    > firewall kicking off with no policy when the users are on the LAN.
    >
    > Hope this provides more useful info.
    >
    > Thanks for the replies so far
    >
    >


    The point is, do you want to run SecureClient on the LAN or is it just for
    when the clients are out of the office? If so then you can just create a
    hardware profile that has SecureClient active when out of the office and not
    active when on the LAN.

    Chris.



  6. Re: checkpoint secure client VPN-1

    Yeah, guess a hw profile controlling the services will do it, thought there
    might be a more elegant method of keeping the client configured right for
    both requirements.

    Thanks


    Chris


    "Chris" wrote in message
    news:dCKdnX3pOIQDF-LdSa8jmw@karoo.co.uk...
    >
    > "Chris Moore" wrote in message
    > news:ArGfc.7569$fq4.718@lakeread05...
    > > All clients are Windows XP
    > >
    > > SecureClient loads on bootup as per the default installation hence the
    > > firewall kicking off with no policy when the users are on the LAN.
    > >
    > > Hope this provides more useful info.
    > >
    > > Thanks for the replies so far
    > >
    > >

    >
    > The point is, do you want to run SecureClient on the LAN or is it just for
    > when the clients are out of the office? If so then you can just create a
    > hardware profile that has SecureClient active when out of the office and

    not
    > active when on the LAN.
    >
    > Chris.
    >
    >




+ Reply to Thread