My company is trying to deploy Checkpoint Identity Agents with as little nuisance to users as possible. So far, I've been able to preconfigure trusted gateways with the right registry settings so that users won't really know the agent is even running, but when users take mobile devices off our network, they run into issues because the portal is not publically available.
Using the distributed configuration tool, I know it is possible to configure agents to connect to specific gateway devices based off IP and domain. My question is it able to configure the agents to try not to connect when on a specific network or off a domain? The idea being that we don't want users calling our help desk when the identity agent alerts the user about not being able to connect to a gateway.