
RE: [FW1] user rule




I would suggest getting this person SecuRemote, it is a part of FW-1/VPN-1 and available free for download at checkpoint's site. You would need to set up a user authentication object within the policy database and create a rule similar to the one below:

The user objects you create would need to be set up with the right encryption (IKE, FWZ). We use IKE since it is the easiest to set up and a shared secret is all you need for the firewall and the client authentication.

The SecuRemote is free for download, BUT you MUST get a license for it from your reseller or checkpoint. The license is free, but it is REQUIRED in order for SR.

SecuRemote User objects (or a group) --> Allowed destination --> Allowed Services or Groups access to --> Client Encrypt

This rule is pretty plain, but it works. You can restrict the SR users to certain networks or server objects if you want to further lock down their access. I am curious as to why they cannot get a static IP though...oh well, I hope this answers your question...



Regards,


Benjamin Sprouse
Senior Network Architect
eMarketWorld.com, Inc.
700 E. Franklin St.
Suite 600A-700A
Richmond, VA. 23219

[email protected]

-----Original Message-----
From: Camille Edge [mailto:[email protected]]
Sent: Monday, February 05, 2001 10:48 PM
To: [email protected]
Subject: [FW1] user rule


Hi all

I have a question that I didn't find an answer to already and I've
searched the archives here, phoneboy and checkpoint's websites.  If
it is out there I apologize, but any help you could give I would
appreciate.

I want to set up a rule to allow an external user access inside my
firewall.  The user does not always have a static IP address when
they are online and can not get one from their ISP.  However I know
the IP range the user would be coming from.  I don't want to give
access to other users from that ISP only this one person.  How do I
do this?  I figured I must use some sort of user specific
authentication, but I'm not sure what.  Currently I don't have
anything set up and really don't want to have to get a third party
product such as secure id for just one user.  That just wouldn't be
cost effective.  The user has a Mac so I don't think that the secure
remote client would work since it doesn't support Macs from what I
can tell.

How would I write the rule and what objects would I need to create?
Thanks

cee

