You can configure if Endpoint Security VPN users can choose to disable the firewall policy on their local machines.
If this option is enabled, when users right-click the client icon, they can select Disable Security Policy.
To change the Allow disable firewall setting:
FWDIR/conf/trac_client_1.ttm
file with a text editor.:allow_disable_firewall
and set the value:When using Policy Server High Availability, it is possible that users will connect to the organization through one Security Gateway and to a Policy Server which is installed on a different module. In this case they will be prompted twice for authentication — once for the Security Gateway module and the other for the Policy Server. If a user usually connects to the organization through a specific Security Gateway, and this Security Gateway has a Policy Server module installed on it, this double authentication can be avoided by configuring the user's profile to use the High Availability among all Policy Servers, trying selected first option, and selecting the primary Policy Server as that one the Security Gateway through which the user usually connects to the organization. This way, after the user authenticates to the Security Gateway, he will automatically be authorized to download the security policy from the Policy Server installed on that Security Gateway.