Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hi,
I've set to block client's connection Upon verification failure in Global properties. then test to connect a non-compliant to gateway, but the vpn still able to connect.
here are my SCV global parameters :
:SCVGlobalParams (
:enable_status_notifications (false)
:status_notifications_timeout (10)
:disconnect_when_not_verified (false)
:block_connections_on_unverified (false)
:scv_policy_timeout_hours (168)
:enforce_ip_forwarding (false)
:not_verified_script ("")
:not_verified_script_run_show (false)
:not_verified_script_run_admin (false)
:not_verified_script_run_always (false)
:allow_non_scv_clients (false)
:skip_firewall_enforcement_check (false)
)
is value in SCV's global parameters overrides setting on SMS Global properties > Remote Access > Upon Verification failure?
1 Solution
Accepted Solutions
Hello @Gorbiabimanyu
Do you have access rule which accept traffic to encryption domain with VPN column = "RemoteAccess"?
As you can see this settings are relevant for Simplified mode FW policy:
Hello @Gorbiabimanyu
Do you have access rule which accept traffic to encryption domain with VPN column = "RemoteAccess"?
As you can see this settings are relevant for Simplified mode FW policy:
Traffic from such machines will be dropped by FW with the message "Client's configuration is not verified":
If you need to disconnect VPN you will need to set this to "true":
:disconnect_when_not_verified (true)
In this case users will not have access to ANY resources inside of encryption domain.
Exceptions mentioned by @PhoneBoy should be configured in here and will not work if you drop VPN tunnel:
