Hi!
I have E82.40.
When trying to disable the "Enable Always-Connect" for users that are mostly at office I can't because it is always greyed.
Previously, I was able to change it.
Well... It required performing a connection first in order for the checkbox to appear selectable, but now it is always grey.
By default the "Enable Always-Connect" is checked and I need to uncheck. 🙂
How may I change it?
Best Regards,
Paulo Balau
Seems it is very useful for future deployments, indeed.
For the already installed/deployed how may I change it?
Best Regards,
Balau
It's controlled via a Global Properties setting.
Change as appropriate and push Access Policy.
The existing clients should be updated once they connect again.
Hello, I have the same problem, but I can't find Global Properties. This is my screen. Is there any other option to disable the "Always Connect" check?
As an end user, if your admin does not allow you to configure this setting, you cannot disable it.
Thanks for the quick reply. The only problem is that Check Point is installed on my personal computer. Is there any other way to prevent the software from starting when I turn on my computer? I tried to uncheck it using Msconfig, but when I apply the changes, the check does not disappear.
This not allowing the client to be disabled behavior is likely part of our self-protection mechanisms.
Short of getting your admin to disable this option or to change to allow it to be configured on the client, your only option is to uninstall the client.
Hello PhoneBoy...
I have it that way but it does not work as well. 🙂
These Global Properties are not on the client itself but on the SmartConsole (where you define fw policies, etc.)
One may say it could be useful to be on the SmartEndpoint console but it is not as well 😞
Hi! I have it as you mentioned from start. But, even on recently updated Endpoint Security clients (as mine) continue to show the option on grey.
It seems they do not care about this global option 😞
Any other way?
Edit the client's trac.defaults file in a text editor, see sk108982.
The only problem with this approach (and of course it is the prescribed approach) is the unfriendly nature of it. I have often wondered why, when using the full endpoint management server, that there isn't a better way.
In an enterprise estate, there are several user classes (sales, technical, accounts, executives), and these may require different VPN configurations. There is not a simple way to create a VPN policy for these user communities from the central management point, and that seems very strange. One size fits all does not work in large estates.
For example, in our own business - I want my sales team to have an always-on configuration. They need to connect if they are out of the office, so I want to give them a sales VPN profile (ideally with transparent machine authentication because they are sales people). But our technical teams need to log on to a completely different VPN gateway, but they are technical and they know when they need a VPN and when they don't. They have access to customer systems from the VPN, so 2-factor authentication is preferable.
These user groups have config needs that are completely different and whilst I can manage a user base with 2 or 3 different trac.defaults configurations across around 40 machines, it's clunky and for no good reason. @PhoneBoy it's time for EndPoint to grow up a little more and remember that unlike gateways, endpoints are managed by the desktop team where clunky fixes to text files that are not accessible via the management interface are a blocker to acceptability and ultimately to sales success. Engineers may love to hate the "just edit this file in vi" type of SK, but frankly it's a killer for most endpoint administrators and needs to evolve. Can it be in R81 endpoint management please ? 😄
R81 is in Public EA now, so if that feature isn’t there already, it won’t be in R81.
Agree that editing manual files on a specific gateway is a less than optimal solution.
Is this setting available on the Harmony platform?
The reason this is not configured in Endpoint Management is because there are gateway-specific dependencies required to implement this feature.
As such, enabling in Endpoint Management without that configuration wouldn't be terribly useful.
I edited trac.defaults with notepad.
Find line "neo_always_connected STRING true GW_USER 1" and change it from true to false and save file. It works for me.
The only simple solution, thanks.
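The manual edit described in the last posts, as a repeatable script for the case raised earlier of keeping several trac.defaults variants across a few dozen machines. This is an added example, not part of the thread and not Check Point code. It assumes the entry has the layout of the line quoted above (name, `STRING`, value, remaining fields), and the file path is passed in as an argument because the thread does not give it.

```python
import re
import shutil
import sys
from pathlib import Path

KEY = "neo_always_connected"
# Assumed layout, taken from the line quoted in the thread:
#   <name> STRING <value> <remaining fields>
LINE_RE = re.compile(r"^(\s*" + KEY + r"\s+STRING\s+)(\S+)(.*)$")

# Constructed sample; "example_other_key" is a made-up neighbouring entry.
SAMPLE = (
    "example_other_key STRING true GW_USER 0\r\n"
    "neo_always_connected STRING true GW_USER 1\r\n"
)

def set_always_connect(text, enabled):
    """Return (new_text, previous_value); previous_value is None if the key is absent."""
    wanted = "true" if enabled else "false"
    previous, out = None, []
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        m = LINE_RE.match(body)
        if m:
            previous = m.group(2)
            # Swap only the value token; keep spacing, trailing fields and line ending.
            line = m.group(1) + wanted + m.group(3) + line[len(body):]
        out.append(line)
    return "".join(out), previous

def patch_file(path, enabled):
    """Rewrite the file in place, keeping a .bak copy; return the previous value."""
    path = Path(path)
    raw = path.read_bytes().decode("latin-1")  # latin-1 round-trips every byte unchanged
    new, previous = set_always_connect(raw, enabled)
    if previous is None:
        raise ValueError(f"{KEY} not found in {path}; file left untouched")
    if new != raw:
        shutil.copy2(path, path.with_name(path.name + ".bak"))
        path.write_bytes(new.encode("latin-1"))
    return previous

if __name__ == "__main__":
    # Usage: python set_always_connect.py <path-to-trac.defaults> true|false
    want = sys.argv[2].lower() == "true"
    old = patch_file(sys.argv[1], want)
    print(f"{KEY}: {old} -> {'true' if want else 'false'}")
```

The script refuses to write when the key is missing, so a file with a different layout is reported rather than silently left with Always-Connect still enabled.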