Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Fw: Need help with rule FW1 3.0b

To: "tom volpe" <[email protected]>, <[email protected]>
Subject: Re: [FW1] Fw: Need help with rule FW1 3.0b
From: "jakevil" <[email protected]>
Date: Fri, 9 Feb 2001 03:21:51 -0500
References: <[email protected]>
Sender: [email protected]

Greetings

You can do this with client auth, and by restricting the location (as
defined in the "add user access" option).  It's been a while since I used
3.0b, but the setup should be the same as on later versions.

First, you'll have to create some users.  Put them in the group
"Clientauth_users" or something similar.
Then create workstation objects for the PCs where they can browse the
Internet from.  Then put those in a group "www_pcs"
Then, you'll have 2 rules.
#    source * destination * service * action
1    clientauth_users@internal_network * specific_machine * HTTP *
client-auth.
2    clientauth_users@www_pcs * ANY * HTTP * client-auth.

Anyone on your internal network can browse to your intranet machine(s)
assuming they authenticate.  Any of the same users, coming from select IPs,
would also be able to browse the Internet.

Regards

jakevil

----- Original Message -----
From: "tom volpe" <[email protected]>
To: <[email protected]>
Sent: Thursday, February 08, 2001 4:21 PM
Subject: [FW1] Fw: Need help with rule FW1 3.0b


>
>
>
>
>  I need help with a rule. I have a 'group' who needs access to the
>  internet and an internal web server from specific PC's with fixed/known
>  IP address's.
>
>  From the above sentence I have determined the SOURCE- 'group', a
>  DESTINATION - 'any' with a known SERVICE - 'http'.
>
>
>  I need to add a rule.
>
>  When a 'group' member uses an un-specified PC (unknown IP address) they
>  can still use the HTTP protocol to an 'internal web server' but not
> have
>  access to the internet.
>
>  Over all I'm trying to limit access to the internet from our internal
>  network for a specific group when they fail to use a predefined PC.
>
>  Any help in this would be much appreciated.
>
>  Sincerely,
>  Tom Volpe
>  Senior Network Janitor
>
>
>
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Fw: Need help with rule FW1 3.0b
  - From: "tom volpe" <[email protected]>

Prev by Date: RE: [FW1] Any-->does this include....
Next by Date: RE: [FW1] how to disable RIP on sun ultra 10 solaris?
Previous by thread: [FW1] Fw: Need help with rule FW1 3.0b
Next by thread: [FW1] Linux/Checkpoint Statefull inspection comparison
Index(es):
- Date
- Thread