Per_Opel
Ivory

Disconnected policy in EndPoint Security client

Hi,

We have some PCs with Endpoint Security installed. The blades that are activated on the PCs are VPN, Compliance and Firewall. The management server is running R77.30 and the client version is E80.90.

We are using location awareness and auto-connect and hub mode for these clients.

A few weeks back we noticed that if we connected a PC to the LAN, all local connections started to fail. We could not get DNS, DHCP or, say, mount an internal file share. Externally the connections were allowed.

While investigating I found in the firewall logs on the client that all internal traffic is dropped due to this rule (192.168.2.43 is the DNS):

[ 5844 1952] [15 May 13:31:34] FWMSG_RULE_ACTION, dstIp = 192.168.2.43 (port 53)
rule name = DropClrToEnc, src ip = 192.168.10.8, srcport=52405 action=DROP/NOTIFY,
Protocol=ETHERNET/IP, dwSubProtocol=UDP, dwClientId=0

So I've been trying to see where this rule originates from. Since we're using the thin client for Endpoint Security, it seems like the policy in SmartEndpoint is not utilized for this client.

I've installed the Checkpoint Mobile client (which is without the firewall) and that allows local connections.

Also, in the installation path for the Endpoint Client there is a file named DisconnectedPolicy.xml which only contains one row:
"FILE DOES NOT EXIST"

Is the solution to check in the ttm-files or how is the disconnected policy applied?

Thanks!

 

0 Kudos
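An added example, not part of the original post and not Check Point tooling: a small Python parser for the three-line client firewall record quoted above, which tallies DROP actions to private (RFC 1918) destinations per rule so the rule responsible for blocked LAN traffic stands out. The field layout is assumed from the single excerpt in the post, and every sample record after the first is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout of the excerpt quoted in the post; only the
# first record is from the post, the others are made up for illustration.
SAMPLE_LOG = """\
[ 5844 1952] [15 May 13:31:34] FWMSG_RULE_ACTION, dstIp = 192.168.2.43 (port 53)
rule name = DropClrToEnc, src ip = 192.168.10.8, srcport=52405 action=DROP/NOTIFY,
Protocol=ETHERNET/IP, dwSubProtocol=UDP, dwClientId=0
[ 5844 1952] [15 May 13:31:35] FWMSG_RULE_ACTION, dstIp = 192.168.2.43 (port 53)
rule name = DropClrToEnc, src ip = 192.168.10.8, srcport=52406 action=DROP/NOTIFY,
Protocol=ETHERNET/IP, dwSubProtocol=UDP, dwClientId=0
[ 5844 1952] [15 May 13:31:36] FWMSG_RULE_ACTION, dstIp = 192.168.2.50 (port 445)
rule name = DropClrToEnc, src ip = 192.168.10.8, srcport=52410 action=DROP/NOTIFY,
Protocol=ETHERNET/IP, dwSubProtocol=TCP, dwClientId=0
"""

RECORD = re.compile(
    r"\[(?P<ts>\d+ \w+ [\d:]+)\] FWMSG_RULE_ACTION, dstIp = (?P<dst>[\d.]+) "
    r"\(port (?P<dport>\d+)\) rule name = (?P<rule>\w+), src ip = (?P<src>[\d.]+), "
    r"srcport=(?P<sport>\d+) action=(?P<action>[\w/]+),.*?dwSubProtocol=(?P<proto>\w+)"
)

def parse_records(text):
    """Join continuation lines onto their '[pid tid]' header, then extract fields."""
    records, current = [], []
    for line in text.splitlines():
        if line.startswith("[") and current:
            records.append(" ".join(current))
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        records.append(" ".join(current))
    return [m.groupdict() for m in map(RECORD.search, records) if m]

def internal_drops(text):
    """Count DROP actions to private (RFC 1918) destinations per rule/dst/port/proto."""
    hits = Counter()
    for r in parse_records(text):
        if r["action"].startswith("DROP") and ipaddress.ip_address(r["dst"]).is_private:
            hits[(r["rule"], r["dst"], int(r["dport"]), r["proto"])] += 1
    return hits

if __name__ == "__main__":
    for (rule, dst, port, proto), n in internal_drops(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {rule}  ->  {dst}:{port}/{proto}")
```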
2 Replies
Admin
Admin

Re: Disconnected policy in EndPoint Security client

The fact the firewall is blocking anything when you installed Mobile is a problem.
Recommend engaging with the TAC.
0 Kudos
Per_Opel
Ivory

Re: Disconnected policy in EndPoint Security client

When Checkpoint Mobile is installed (without the firewall) the connections are allowed.

So this is only happening when firewall is enabled in the client and the client is disconnected due to location awareness.

I have a TAC case open, but I also posted the question here in case someone has seen this issue before.

0 Kudos