Create a Post
Showing results for 
Search instead for 
Did you mean: 

Disconnected policy in EndPoint Security client


We have a some PC's with Endpoint Security installed. The blades that are activated oc the PC's are VPN, Compliance and Firewall. The management server is running R77.30 and the client version is E80.90.

We are using location awareness and auto-connect and hub mode for these clients.

A few weeks back we noticed that if we connected a PC to the LAN all local connected started to fail. We could not get DNS, DHCP or say mount an internal file share. Externally the connections were allowed.

While investigating I found that the firewall logs on the client drops all internal traffic due to ( is the DNS):

[ 5844 1952] [15 May 13:31:34] FWMSG_RULE_ACTION, dstIp = (port 53)
rule name = DropClrToEnc, src ip =, srcport=52405 action=DROP/NOTIFY,
Protocol=ETHERNET/IP, dwSubProtocol=UDP, dwClientId=0

So I've been trying to see where this rule originate from. Since were using the thin client for Endpoint Security it seems like the policy in SmartEndpoint is not utilizied for this client.

I've installed the Checkpoint Mobile client (which is without the firewall) and that allow local connections.

Also, in the installation path for the Endpoint Client there is a file named DisconnectedPolicy.xml which only contains one row:

Is the solution to check in the ttm-files or how is the disconnected policy applied?



0 Kudos
3 Replies

The fact the firewall is blocking anything when you installed Mobile is a problem.
Recommend engaging with the TAC.
0 Kudos

When Checkpoint mobile is isntalled (without the firewall) the connections are allowed.

So this is only happening when firewall is enabled in the client and the client is disconnected due to location awareness.

I've a TAC case opened but I also posted a question here if someone has seen this issue before.

0 Kudos

Easy fix. Simply go in the global properties, remote access, vpn - advanced - from there, first section is set to "dropped" by default. Change this to "sent in clear".

Policy install. Once users get re-authenticated, they will retrieve new value. Once they disconnect, they will be able to access internet resources according to your Desktop Security Policy.

probably too late but perhaps others will see this.


0 Kudos