Re: [FW1] GUI client over Securemote
This is the way we do it using the Enterprise edition with the management console using SSH on UNIX. In addition, this is the "quick and dirty" method. A more elegant solution is to use PKI, LDAP, RADIUS, etc.

Install

1. Create a group that contains the userids that should be allowed to access the management console. In this example, I have created a group called FWAdmin.

2. Create a rule using Client Authentication. The reason for client authentication is because you may come from any IP address and use the defined services as long as you are authenticated beforehand. Insert a rule before the stealth rule that looks like this:

   FWAdmin@any <mgmt console> <desired svcs> ClientAuth Long

3. Telnet to port 259 or HTTP to port 900, login, and authenticate for the session (no. 1, I believe). The telnet or HTTP session will disconnect immediately.

4. SSH to your management console and login.

5. Modify $FWDIR/conf/gui-clients and add your current IP address to the file. You may want to create a backup of this file first.

6. You may now run all the GUI clients from home!

Backout

Remove your IP address from the gui-clients file and all is well again.

David C. Diemer, CCSA, CNE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
[email protected]

>>> <[email protected]> 10/12/00 12:52PM >>>
Has anyone found a way of running the GUI clients (policy/log/status) when connected via Securemote? The problem is with the 'cpconfig' setup and what to put in the 'GUI Clients' without breaking security but not knowing what IP you're coming in on.

Paul

--------------------------------------------------------------------------------------------
C. Paul Simons
Corporate Network Services
IHS Energy Group, Englewood, CO.
Main:Direct:Fax:Mobile:

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================
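Step 5 and the Backout step from the reply above, as an added example that is not part of the original thread: a pair of shell functions that back up gui-clients, add one validated address, and remove it again afterwards. It assumes the file holds one address or hostname per line; the function names gui_add, gui_remove and valid_ipv4 are hypothetical.

```shell
#!/bin/sh
# Added example: temporary entry in $FWDIR/conf/gui-clients.
# Assumption: the file lists one IP address or hostname per line.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
# Rejects CIDR ranges, wildcards and hostnames so only one host is added.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: gui_add <ip> [file]   (step 5: back up, then append the address)
gui_add() {
    ip=$1; file=${2:-$FWDIR/conf/gui-clients}
    valid_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 3; }
    if grep -qxF -- "$ip" "$file"; then return 0; fi   # already listed
    cp -p "$file" "$file.bak" || return 4              # backup before editing
    # Start a new line first if the last line is not newline-terminated.
    if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    printf '%s\n' "$ip" >> "$file"
}

# usage: gui_remove <ip> [file]   (backout: drop exactly that address)
gui_remove() {
    ip=$1; file=${2:-$FWDIR/conf/gui-clients}
    valid_ipv4 "$ip" || return 2
    [ -f "$file" ] || return 3
    tmp="$file.tmp.$$"
    # grep -v exits 1 when nothing is left to print; that is not an error here.
    grep -vxF -- "$ip" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 4; }
    # Write back in place so the file keeps its owner and permissions.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

Run gui_add with your current address after the SSH login in step 4, and gui_remove with the same address when the session is finished.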