Configuring Post Connect Scripts

The Post Connect feature runs a script on Remote Access VPN Client computers after they connect to the Security Gateway.

You must make sure that the script exists on the client computers, in the correct path.

Important Note - The Post-Connect script runs with user-level permissions. For security reasons, running the Post-Connect script is not supported if users do a Secure Domain Login before Windows login.

To configure the Post Connect script for all managed Remote Access Security Gateways:

  1. Close all SmartConsole windows.

  2. Connect with GuiDBEdit Tool to the Security Management Server / Domain Management Server.

  3. In the upper left pane, go to the Table - Global Properties - global_properties.

  4. In the upper right pane, select firewall_properties.

  5. Press CTRL+F (or go to the Search menu - Find) - paste desktop_post_connect_script - click Find Next.

  6. In the lower pane, make sure the attribute desktop_post_connect_script does not have any value (it is empty).

    If it has a value, then right-click this attribute and select Reset.

  7. In the upper right pane, select firewall_properties.

  8. Press CTRL+F (or go to the Search menu - Find) - paste desktop_post_connect_script_show_window - click Find Next.

  9. In the lower pane, right-click the desktop_post_connect_script_show_window - select Edit... - select "true" - click OK.

    The default value is false. The script runs in a hidden window.

  10. Save the changes: go to the File menu - click Save All.

  11. Close the Database Tool (GuiDBEdit Tool).

  12. Connect with SmartConsole to the Security Management Server / Domain Management Server.

  13. Install the policy on each Security Gateway / Cluster object.

To configure the Post Connect script for a specific Remote Access Security Gateway:

  1. Configure the path to the Post Connect script in the specific Security Gateway / Cluster:

    1. Close all SmartConsole windows.

    2. Connect with GuiDBEdit Tool to the Security Management Server / Domain Management Server.

    3. In the upper left pane, go to the Table - Network Objects - network_objects.

    4. In the upper right pane, select the relevant Security Gateway / Cluster object.

    5. Press CTRL+F (or go to the Search menu - Find) - paste desktop_post_connect_script - click Find Next.

    6. In the lower pane, make sure the attribute desktop_post_connect_script does not have any value (it is empty).

      If it has a value, then right-click this attribute and select Reset.

    7. In the upper right pane, select the applicable Security Gateway / Cluster object.

    8. Press CTRL+F (or go to the Search menu - Find) - paste desktop_post_connect_script_show_window - click Find Next.

    9. In the lower pane, right-click the desktop_post_connect_script_show_window - select Edit... - select "true" - click OK.

    10. The default value is false. The script runs in a hidden window.

    11. Save the changes: go to the File menu - click Save All.

    12. Close the Database Tool (GuiDBEdit Tool).

    13. Connect with SmartConsole to the Security Management Server / Domain Management Server.

    14. Install the policy on the specific Security Gateway / Cluster object.

  2. Configure the Remote Access TTM file $FWDIR/conf/trac_client_1.ttm on the specific Security Gateway / each Cluster Member:

    Note - For more information about this TTM file, see sk75221.

    1. Connect to the command line on the Security Gateway / each Cluster Member.

    2. Log in to the Expert mode.

    3. Back up the current $FWDIR/conf/trac_client_1.ttm file:

      cp -v $FWDIR/conf/trac_client_1.ttm{,_BKP}

    4. Edit the current $FWDIR/conf/trac_client_1.ttm file:

      vi $FWDIR/conf/trac_client_1.ttm

    5. Configure the path to the Post Connect script file:

      Important - Such file must exist on all Remote Access VPN clients that connect to this Security Gateway.

      :post_connect_script_show_window (

      :gateway (desktop_post_connect_script_show_window

      :valid (false)

      :default (true)

      )

      )

      :post_connect_script (

      :gateway (desktop_post_connect_script

      :valid (false)

      :default ("<Full Path to the script file on the Remote Access VPN computer>")

      )

      )

      For example:

      :post_connect_script_show_window (

      :gateway (desktop_post_connect_script_show_window

      :valid (false)

      :default (true)

      )

      )

      :post_connect_script (

      :gateway (desktop_post_connect_script

      :valid (false)

      :default ("C:\vpn_pcs.bat")

      )

      )

    6. Save the changes in the TTM file an exit Vi editor.

    7. From the SmartConsole, install the policy on the Security Gateway / Cluster object.

    8. Delete the current VPN Site on the Remote Access VPN client.

    9. Create the required VPN Site again on the Remote Access VPN client to download the new configuration from the Security Gateway / Cluster.