NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] GUI client over Securemote

This is the way we do it using the Enterprise edition with the management console
using SSH on UNIX.  In addition, this is the "quick and dirty" method.  A more
elegant solution is to use PKI, LDAP, RADIUS, etc.

Install
1.  Create a group that contains the userids that should be allowed to access the
     management console.  In this example, I have created a group called 
     FWAdmin.
2.  Create a rule using Client Authentication.  The reason for client authentication is
     because you may come from any IP address and use the defined services as long
     as you are authenticated beforehand.  Insert a rule before the stealth rule that 
     looks like this:
          FWAdmin@any      <mgmt console>     <desired svcs>     ClientAuth     Long
3.  Telnet to port 259 or HTTP to port 900, login, and authenticate for the session
     (no. 1, I believe).  The telnet or HTTP session will disconnect immediately.
4.  SSH to your management console and login.
5.  Modify $FWDIR/conf/gui-clients and add your current IP address to the
     file.  You may want to create a backup of this file fitst.
6.  You may now run all the GUI clients from home!

Backout
Remove your IP address from the gui-clients file and all is well again.



David C. Diemer, CCSA, CNE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
[email protected]>>> <[email protected]> 10/12/00 12:52PM >>>


Has anyone found a way of running the GUI clients (policy/log/status) when
connected via Securemote.
The problem is with the 'cpconfig' setup and what to put in the 'GUI
Clients' without breaking security but not knowing what IP your coming in
on.
Paul
--------------------------------------------------------------------------------------------

C. Paul Simons
Corporate Network Services
IHS Energy Group, Englewood, CO.

Main:Direct:Fax:Mobile:================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html 
================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.