RE: [FW1] user rule

I would agree... SecuRemote currently is only available as a win client app.


-----Original Message-----
From: Vincent, Mike [mailto:[email protected]]
Sent: Tuesday, February 06, 2001 8:43 AM
To: 'Camille Edge'; [email protected]
Subject: RE: [FW1] user rule


I know you said you did not want a third party product but you could have
the user run an IPSEC client on his Macintosh and set up a shared secret
VPN.  You would have to allow all possible addresses in his DHCP scope in
your VPN rule.  That would at least add authentication and encryption.  If I
remember correctly www.netlock.com and www.nia.com offer IPSEC clients for
Macintosh.

Mike


-----Original Message-----
From: Sprouse, Ben
To: 'Camille Edge'; [email protected]
Sent: 2/6/01 7:52 AM
Subject: RE: [FW1] user rule

I would suggest getting this person SecuRemote, it is a part of
FW-1/VPN-1 and available free for download at checkpoint's site. You
would need to set up a user authentication object within the policy
database and create a rule similar to the one below:

The user objects you create would need to be set up with the right
encryption (IKE, FWZ). We use IKE since it is the easiest to set up and a
shared secret is all you need for the firewall and the client
authentication.

The SecuRemote is free for download, BUT you MUST get a license for it
from your reseller or checkpoint. The license is free, but it is
REQUIRED in order for SR.

SecuRemote User objects (or a group) --> Allowed destination --> Allowed
Services or Groups access to --> Client Encrypt

This rule is pretty plain, but it works. You can restrict the SR
users to certain networks or server objects if you want to further lock
down their access. I am curious as to why they cannot get a static IP
though...oh well I hope this answers your question...



Regards,


Benjamin Sprouse
Senior Network Architect
eMarketWorld.com, Inc.
700 E. Franklin St.
Suite 600A-700A
Richmond, VA. 23219

[email protected]

-----Original Message-----
From: Camille Edge [mailto:[email protected]]
Sent: Monday, February 05, 2001 10:48 PM
To: [email protected]
Subject: [FW1] user rule


Hi all

I have a question that I didn't find an answer to already and I've
searched the archives here, phoneboy and checkpoint's websites.  If
it is out there I apologize, but any help you could give I would
appreciate.

I want to set up a rule to allow an external user access inside my
firewall.  The user does not always have a static IP address when
they are online and cannot get one from their ISP.  However I know
the IP range the user would be coming from.  I don't want to give
access to other users from that ISP, only this one person.  How do I
do this?  I figured I must use some sort of user specific
authentication, but I'm not sure what.  Currently I don't have
anything set up and really don't want to have to get a third party
product such as secure id for just one user.  That just wouldn't be
cost effective.  The user has a Mac so I don't think that the secure
remote client would work since it doesn't support Macs from what I
can tell.

How would I write the rule and what objects would I need to create?
Thanks

cee


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================