
AW: [FW1] GUI cannot connect to server



Hi,

1.	I wonder if you use the dynamic IP assigned from your ISP to connect
to your Firewall with ssh. That means you must have a rule like
any---your_FW---ssh---accept, which I would consider a huge security
risk. Are you checking HostKeys at all?

2.	You can manage your firewall by adding a rule like
any---your_FW---FW_mgmt---accept which I would consider an even bigger risk.

I don't want to offend you, but your company IS selling IT Security
consultancy. Are you leaving the companies you advise with such big risks?
We had that on this list a few weeks ago: the fact that some people
dare to sell security as soon as they can spell the word FIREWALL
correctly.

--Joerg



-----Original Message-----
From: Christian Maxeiner [mailto:[email protected]]
Sent: Friday, 10 August 2001 11:06
To: [email protected]
Subject: [FW1] GUI cannot connect to server




I have a big problem connecting to our FW1 with the fwpolicy gui.
We have Check Point VPN-1 Version 4.1 Build 41716 [VPN + DES +
STRONG] installed on an HP-UX Platform. The Management-Module is on the same
server.
The idea is to manage the FW with a gui from my home office by accessing the
FW with ssh, adding the IP-address my ISP has given me to the gui-clients
file and connect with the gui.
But when I add my IP to gui-clients file and try to connect with gui, the
gui says "cannot connect to server".
I have a gui installed on a client in my office at work which works fine.
Even if I want to add a new client in my office at work, the new gui client
says it cannot connect to server.
I have the implied rules activated and when I look in fwlog I can see that
my request is dropped by the firewall with the rule "any -- firewall --
any -- drop" which is one of my last rules. When I allow the new client to
connect with service "FW mgmt" explicitly in a new rule it works fine, but
this can't be my solution because I want to connect to the firewall from my
home office with changing ip-addresses. So the only way for me is to add the
client's ip to the gui-clients file.
Has anybody heard about this strange behaviour?
Thanks in advance for answering me

Christian Maxeiner
[email protected]



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
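
The rule shapes discussed in the thread (any---your_FW---ssh---accept and any---your_FW---FW_mgmt---accept) can be checked for mechanically. The following is an added example, not part of the original messages and not Check Point code: it parses rules written in the thread's notation and reports accept rules that open a management service on the firewall to any source. It assumes top-down, first-match evaluation and does not model implied rules; the object name office_gui and the sample rule base are constructed.

```python
import re

# Management services named in the thread, normalised to lower case with underscores.
MGMT_SERVICES = {"ssh", "fw_mgmt"}

def parse_rule(text):
    """Parse 'source---destination---service---action' (2-3 dashes, spaces allowed)."""
    parts = [p.strip() for p in re.split(r"\s*-{2,3}\s*", text.strip())]
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"not a 4-field rule: {text!r}")
    src, dst, svc, action = (p.lower().replace(" ", "_") for p in parts)
    return {"src": src, "dst": dst, "svc": svc, "action": action, "text": text}

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return all(earlier[k] in ("any", later[k]) for k in ("src", "dst", "svc"))

def exposed_mgmt_rules(rule_texts, firewall="your_FW"):
    """Return (rule number, text) for accept rules that open ssh or FW_mgmt on
    the firewall to any source and are not shadowed by an earlier rule."""
    fw = firewall.lower()
    rules = [parse_rule(t) for t in rule_texts]
    findings = []
    for i, r in enumerate(rules):
        opens_mgmt = (r["action"] == "accept" and r["src"] == "any"
                      and r["dst"] in ("any", fw)
                      and (r["svc"] == "any" or r["svc"] in MGMT_SERVICES))
        # Assumption: first match wins, so a fully covering earlier rule
        # means this rule is never reached.
        shadowed = any(covers(e, r) for e in rules[:i])
        if opens_mgmt and not shadowed:
            findings.append((i + 1, r["text"]))
    return findings

# Constructed rule base in the thread's notation (office_gui is hypothetical).
SAMPLE = [
    "office_gui---your_FW---FW_mgmt---accept",  # fixed source: not flagged
    "any---your_FW---ssh---accept",             # flagged
    "any -- your_FW -- any -- drop",            # cleanup rule
    "any---your_FW---FW_mgmt---accept",         # never reached: after cleanup
]

if __name__ == "__main__":
    for number, text in exposed_mgmt_rules(SAMPLE):
        print(f"rule {number}: {text}")
```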


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



   All contents © 2004 Network Presence, LLC. All rights reserved.