Configuring the client for ATMs

ATM machines must be configured for non-interactive upgrades and continuous connectivity. ATM clients are supported on SmartConsole-managed Endpoint Security VPN clients.

  • Make sure that there is an application that uses the client API to start and monitor the connection.

    You can configure the client for always-connect (rather than the API). But we do not recommend this if you use secondary connect. If the primary tunnel disconnects and the machine reboots, a client in always-connect does not connect to the backup tunnel. It tries to connect to the primary tunnel.

    If you want always-connect and secondary connect, we recommend that you use third-party code to switch to the secondary tunnel on failover.

  • Make sure the ATM machine has a certificate in the CAPI, and that the client is configured for automatic CAPI re-authentication.

Administrators can configure username and password caching for ATM devices in the Windows registry. Credentials are saved encrypted in the registry per site. This feature does not depend on password caching. See Remote Access Clients Command Line for feature usage.

To enable the feature, a new attribute was added to the trac.defaults file: "save_cli_credentials_for_ATM" with the default value false.

To enable automatic CAPI re-authentication:

  1. Edit the $FWDIR/conf/trac_client_1.ttm file on the Security Gateway.

  2. Add these lines:

    :automatic_capi_reauthentication (
        :gateway (automatic_capi_reauthentication
            :default (true)
        )
    )

  3. Save the file.

  4. Install policy.

  5. Apply this configuration to all gateways.

    Note - To learn more about the TTM file, see The Configuration File.
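
The following check is an added example, not part of the original page and not a Check Point tool. It parses TTM text and reports whether automatic_capi_reauthentication defaults to true, so the edit can be verified on each gateway before installing policy. It assumes the file uses only the parenthesised syntax shown in the snippet above; the function names are hypothetical.

```python
import re

# Constructed sample that mirrors the block from step 2 (not from a real gateway).
SAMPLE_TTM = """\
:automatic_capi_reauthentication (
    :gateway (automatic_capi_reauthentication
        :default (true)
    )
)
"""

# Tokens: parentheses, double-quoted strings, or bare words such as :default / true.
TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()]+')

def parse_ttm(text):
    """Parse the parenthesised syntax into nested lists; raise on unbalanced parens."""
    stack = [[]]
    for tok in TOKEN.findall(text):
        if tok == "(":
            node = []
            stack[-1].append(node)
            stack.append(node)
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            stack.pop()
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("missing ')'")
    return stack[0]

def find_key(tree, key):
    """Depth-first search for `key` followed by a parenthesised body; return the body."""
    for i, item in enumerate(tree):
        if item == key and i + 1 < len(tree) and isinstance(tree[i + 1], list):
            return tree[i + 1]
        if isinstance(item, list):
            hit = find_key(item, key)
            if hit is not None:
                return hit
    return None

def capi_reauth_enabled(text):
    """True only if the attribute exists and its :default value is 'true'."""
    body = find_key(parse_ttm(text), ":automatic_capi_reauthentication")
    default = find_key(body, ":default") if body is not None else None
    return bool(default) and default[0].lower() == "true"
```

Pass the contents of $FWDIR/conf/trac_client_1.ttm to capi_reauth_enabled(); a ValueError means a parenthesis was dropped while editing the file.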