Waxing Cerebral

It's great that CheckPoint has a SecureClient for the Mac. It works really well. What doesn't work, is making it stop.

There is no way to prevent it booting at startup. Oh, there are ways referred to by CheckPoint's docs, but as they say in the fine print, that just stops the gui from starting - any security policies (read: complete firewall lockdown) will still be in place. And if you do have the gui up and choose 'Stop VPN-1 SecureClient', again it's only the gui that goes, and you go mad like me having lost your svn, http, etc server, not knowing why. There are ways to control it via the command line which you could script, but your admins have to have allowed it to allow that via some centralised settings at their end.

So, if you do need SC, always launch the gui. If you need access to services on that box, then always choose 'Tools>Disable Security Policy' in SC. And if you don't need it anymore, then say goodbye to it, like I'm about to do.