Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Paulo_Balau
Contributor

Change "Enable Always-Connect" always grey

Hi!

I have E82.40.

When trying to disable the "Enable Always-Connect" for users that are mostly at office I can't because it is always greyed.

Previously, I was able to change it.

Welll... It required to perform a connection first in order to the checkbox to appear selectable but now is always grey.

By default the "Enable Always-Connect" is checked and I need to uncheck. 🙂

How may I change it?

Best Regards,

Paulo Balau

0 Kudos
17 Replies
G_W_Albrecht
Legend Legend
Legend

Try sk108982: How to disable the default 'Always-Connect' on Endpoint Security / VPN Clients before depl...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Paulo_Balau
Contributor

Seems is very usefull for future deployments, indeed.

For the already installed/deployed how may I change it?

Best Regards,

Balau

0 Kudos
PhoneBoy
Admin
Admin

It's controlled via a Global Properties setting.
Change as appropriate and push Access Policy.
The existing clients should be updated once they connect again.

948F9D54-1869-4ACB-AE15-657C153C84B0.jpeg

0 Kudos
Maricec
Explorer

Hello, I have the same problem, but I can't find Global Properties. This is my screen. Is there any other option to disable the "Always Connect" check?

1.jpg

0 Kudos
PhoneBoy
Admin
Admin

As an end user, if your admin does not allow you to configure this setting, you can not disable it.

Maricec
Explorer

Thanks for the quick reply. The only problem is that Check Point is installed in my personal computer. Is there any other way to prevent the software starts when I turn on my computer? I tried to uncheck it using Msconfig, but when I apply the changes, the check does not disappear

0 Kudos
PhoneBoy
Admin
Admin

This not allowing the client to be disabled behavior is likely part of our self-protection mechanisms.
Short of getting your admin to disable this option or to change to allow it to be configured on the client, your only option is to uninstall the client. 

0 Kudos
Paulo_Balau
Contributor

Hello PhoneBoy...

I have it that way but is does not work as well. 🙂

 

0 Kudos
Paulo_Balau
Contributor

This Global Properties are not on the client itself but on the SmartConsole (were you define fw policies, etc, etc.)

One may say it could be useful to be on the SmarEndpoit console but it is not as well 😞

 

0 Kudos
Paulo_Balau
Contributor

Hi! I have it as you mentioned from start. But, even on recently updated Endpoint Security clients (as mine) continue to show the option on grey.

It seeams they do not care of this global option 😞

Any other way?

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Edit the clients trac.defaults file in a text editor, see sk108982.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
NetMonkey
Explorer

The only problem with this approach (and of course it is the prescribed approach) is the unfriendly nature of it.  I have often wondered why, when using the full endpoint management server, that there isn't a better way.

In an enterprise estate, there are several user classes (sales, technical, accounts, executives), and these may require different VPN configurations.  There is not a simple way to create a VPN policy for these user communities from the central management point, and that seems very strange.  One size fits all does not work in large estates.

For example, in our own business - I want my sales team to have an always-on configuration.  They need to connect if they are out of the office, so I want to give them a sales VPN profile (ideally with transparent machine authentication because they are sales people).  But our technical teams need to log on to a completely different VPN gateway, but they are technical and they know when they need a VPN and when they don't.  They have access to customer systems from the VPN, so 2-factor authentication is preferable.  

These user groups have config needs that are completely different and whilst I can manage a user base with 2 or 3 different trac.defaults configurations across around 40 machines, it's clunky and for no good reason.  @PhoneBoy it's time for EndPoint to grow up a little more and remember that unlike gateways, endpoints are managed by the desktop team where clunky fixes to text files that are not accessible via the management interface are a blocker to acceptability and ultimately to sales success.  Engineers may love to hate the "just edit this file in vi" type of SK, but frankly it's a killer for most endpoint administrators and needs to evolve.  Can it be in R81 endpoint management please ? 😄

Long term technology addict and occasional Check Point consultant.
(1)
PhoneBoy
Admin
Admin

R81 is in Public EA now, so if that feature isn’t there already, it won’t be in R81.
Agree that editing manual files on a specific gateway is a less than optimal solution.

0 Kudos
JeffCote
Explorer

Is this setting available on the Harmony platform ?

0 Kudos
PhoneBoy
Admin
Admin

The reason this is not configured in Endpoint Management is because there are gateway-specific dependencies required to implement this feature.
As such, enabling in Endpoint Management without that configuration wouldn't be terribly useful.

0 Kudos
AndrejN
Explorer

I edited trac.defaults with notepad.

Find line "neo_always_connected STRING true GW_USER 1" and change it from true to false and save file. It works for me.

 

0 Kudos
(1)
misterTi
Explorer

The only simple solution, thanks.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events