[FW1] GUI client over Securemote



 Sorry, I know that I am late,

  but why, if you have an SSH connection to your Checkpoint box, is there a need
  to change the gui-client config for your firewall?

  Just use TeraTermPro or another SSH client which can do port forwarding and
  forward the TCP port 258 to your host.

  After that, just use your Checkpoint GUI to localhost. In that case localhost
  must be your only valid gui-client.


  regards

  Oliver Bogen


> > ----- Original Message -----
> > From: <[email protected]>
> > To: <[email protected]>
> > Sent: Thursday, October 12, 2000 8:40 PM
> > Subject: Re: [FW1] GUI client over Securemote
> >
> >
> > >
> > > Thanks for the input David, it's a reasonable way of doing it, but I suppose
> > > what I really wanted to know is...
> > > Is there any way of getting in securely without modifying the guiclients
> > > file?
> > > If not then it is a real 'wish list' item for Check Point (do they respond
> > > here?)
> > > Paul
> > >
> > > --------------------------------------------------------------------------
> > >
> > > C. Paul Simons
> > > Corporate Network Services
> > > IHS Energy Group, Englewood, CO.
> > >
> > >
> > >
> > > "David C. Diemer" <[email protected]>
> > > Sent by: [email protected]
> > > To: <[email protected]>, <[email protected]>
> > > cc:
> > > Subject: Re: [FW1] GUI client over Securemote
> > > 12-10-00 12:12
> > >
> > > This is the way we do it using the Enterprise edition with the management
> > > console using SSH on UNIX.  In addition, this is the "quick and dirty" method.
> > > A more elegant solution is to use PKI, LDAP, RADIUS, etc.
> > >
> > > Install
> > > 1.  Create a group that contains the userids that should be allowed to
> > >      access the management console.  In this example, I have created a group
> > >      called FWAdmin.
> > > 2.  Create a rule using Client Authentication.  The reason for client
> > >      authentication is because you may come from any IP address and use the
> > >      defined services as long as you are authenticated beforehand.  Insert a
> > >      rule before the stealth rule that looks like this:
> > >           FWAdmin@any      <mgmt console>     <desired svcs>     ClientAuth     Long
> > > 3.  Telnet to port 259 or HTTP to port 900, login, and authenticate for the
> > >      session (no. 1, I believe).  The telnet or HTTP session will disconnect
> > >      immediately.
> > > 4.  SSH to your management console and login.
> > > 5.  Modify $FWDIR/conf/gui-clients and add your current IP address to the
> > >      file.  You may want to create a backup of this file first.
> > > 6.  You may now run all the GUI clients from home!
> > >
> > > Backout
> > > Remove your IP address from the gui-clients file and all is well again.
> > >
> > >
> > >
> > > David C. Diemer, CCSA, CNE
> > > Enterprise Security Firewall Engineer
> > > Georgia Department of Administrative Services (DOAS)
> > > [email protected]
> > >
> > > >>> <[email protected]> 10/12/00 12:52PM >>>
> > >
> > > Has anyone found a way of running the GUI clients (policy/log/status) when
> > > connected via Securemote.
> > > The problem is with the 'cpconfig' setup and what to put in the 'GUI
> > > Clients' without breaking security but not knowing what IP you're coming in
> > > on.
> > > Paul
> > >
> > > --------------------------------------------------------------------------
> > >
> > > C. Paul Simons
> > > Corporate Network Services
> > > IHS Energy Group, Englewood, CO.
> > >
> > > ================================================================================
> > >      To unsubscribe from this mailing list, please see the instructions at
> > >                http://www.checkpoint.com/services/mailing.html
> > > ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
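
The following is an added example, not part of any message in the thread. It sketches the approach from the top reply: carry TCP 258 over an SSH port forward and keep loopback as the only GUI client, with a check that flags any leftover address in the file. It assumes gui-clients holds one IP address or hostname per line and an OpenSSH-style client; `fwadmin`, `fwmgmt.example.com` and the function names are placeholders.

```shell
#!/bin/sh
# Added example. Assumption: gui-clients is a plain list, one IP address or
# hostname per line; blank lines and '#' lines are skipped.

# Print every entry that is not loopback. Returns 1 if any is found or if
# no loopback entry exists, 2 if the file cannot be read.
audit_gui_clients() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" || /^#/ { next }
        $0 == "127.0.0.1" || $0 == "localhost" { loop = 1; next }
        { print "non-loopback GUI client: " $0; bad = 1 }
        END {
            if (!loop) { print "no loopback entry: tunnelled GUI would be refused"; bad = 1 }
            exit bad + 0
        }
    ' "$file"
}

# Back up gui-clients, then rewrite it so loopback is the only valid client.
restrict_to_loopback() {
    file=$1
    cp -p "$file" "$file.bak" || return 1
    printf '127.0.0.1\n' > "$file"
}

# Build the forward: local TCP 258 -> port 258 on the management host's own
# loopback, so the GUI session arrives there from 127.0.0.1.
# Binding local port 258 needs root on most Unix systems.
tunnel_cmd() {
    printf 'ssh -N -L 127.0.0.1:258:127.0.0.1:258 %s@%s\n' "$1" "$2"
}

# Constructed sample: loopback plus one leftover home address (192.0.2.0/24
# is a documentation range).
demo=$(mktemp) && printf '127.0.0.1\n192.0.2.10\n' > "$demo"
audit_gui_clients "$demo" || echo "audit failed: remove the entries listed above"
tunnel_cmd fwadmin fwmgmt.example.com
rm -f "$demo"
```

On the management host the audit would be pointed at `$FWDIR/conf/gui-clients`; run periodically, it catches addresses that were added for a remote session and never backed out.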



 