Letting Users Disable the Firewall

You can configure whether Endpoint Security VPN users are allowed to disable the firewall policy on their local machines.

If this option is enabled, when users right-click the client icon, they can select Disable Security Policy.

To change the Allow disable firewall setting:

  1. On the gateway, open the $FWDIR/conf/trac_client_1.ttm file with a text editor.
  2. Find the line :allow_disable_firewall and set the value:
    • true - Users can disable their firewall policy.
    • false - Users do not have the option to disable their firewall policy.
    • client_decide - Takes the value from a file on the client machine.
  3. Save the file and install the policy.
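
To check which value a gateway currently has before or after this change, the script below reads the setting and reports whether users are able to disable their firewall policy. It is an added example, not part of the product or of this guide. The nested block layout with a :default line, and the function names ttm_default, audit_disable_firewall and write_sample, are assumptions; compare the sample with your own trac_client_1.ttm file.

```shell
# Added example: audit the effective allow_disable_firewall value.
# ASSUMPTION: the parameter is a nested block whose effective value sits on
# a ":default (...)" line, as in the constructed sample written below.
ttm_default() {  # $1 = file, $2 = parameter name; exit 1 if not found
    awk -v key=":$2" '
        !inblk && $1 == key { inblk = 1; depth = 0 }
        inblk {
            if ($1 == ":default") {
                v = $0; sub(/^[^(]*\(/, "", v); sub(/\).*$/, "", v)
                gsub(/[ \t"]/, "", v); print v; found = 1; exit
            }
            depth += gsub(/\(/, "(") - gsub(/\)/, ")")  # track nesting
            if (depth <= 0) inblk = 0                   # block closed
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# Exit status: 0 = users cannot disable, 1 = finding, 2 = undetermined.
audit_disable_firewall() {  # $1 = file
    val=$(ttm_default "$1" allow_disable_firewall) ||
        { echo "UNKNOWN: parameter not found"; return 2; }
    case "$val" in
        false)         echo "OK: users cannot disable the firewall policy"; return 0 ;;
        true)          echo "FINDING: users can disable the firewall policy"; return 1 ;;
        client_decide) echo "FINDING: value comes from a file on the client"; return 1 ;;
        *)             echo "UNKNOWN: unexpected value $val"; return 2 ;;
    esac
}

write_sample() {  # constructed sample, not a real gateway file; $2 = value
    cat > "$1" <<EOF
:allow_disable_firewall (
    :gateway (
        :map (
            :true (true)
            :false (false)
            :client_decide (client_decide)
        )
        :default ($2)
    )
)
EOF
}

sample=$(mktemp) && write_sample "$sample" true
audit_disable_firewall "$sample" || echo "status $? (non-zero: review)"
rm -f "$sample"
```

On a gateway, pass the path $FWDIR/conf/trac_client_1.ttm to audit_disable_firewall instead of the sample file.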

Avoiding Double Authentication for Policy Server

When using Policy Server High Availability, users may connect to the organization through one Security Gateway and to a Policy Server that is installed on a different module. In this case they are prompted twice for authentication: once for the Security Gateway module and once for the Policy Server.

If a user usually connects to the organization through a specific Security Gateway, and this Security Gateway has a Policy Server module installed on it, you can avoid the double authentication. Configure the user's profile to use the High Availability among all Policy Servers, trying selected first option, and select as the primary Policy Server the one installed on the Security Gateway through which the user usually connects to the organization. This way, after the user authenticates to the Security Gateway, the user is automatically authorized to download the security policy from the Policy Server installed on that Security Gateway.