I'd like to follow up this issue because I have same experience. It is a
disadvantage for checkpoint to create a object with range of ip but it
doesn't show up when you want to add it.
Daniel Fang
Joe Delsol <[email protected]>
Sent by: owner-fw-1-mailinglist To: RBHATIA <[email protected]>
<[email protected] cc: "'Fernando Hagelsieb C.'" <[email protected]>, Velasquez
point.com> Venegas Jaime Omar <[email protected]>, "FW1-MailingList (E-mail)"
<[email protected]>
Subject: Re: [FW1] Address Range as part of Security Police?
08/29/2001 01:14 PM
Please respond to joe
Are you trying to create a Site-to-site VPN or a client VPN with
secuRemote/Client?
Off the top of my head, I'd guess that you are wanting a client VPN, since
it does not seem likely that the remote site would for sitte-to-site would
use a dynamic range of addresses.
For the client VPN you would not normally restrict the source address at
all.. although you could if you wanted to..
Create the user
Create a group for this VPN access
Add user to Group
Create rule:
Source: add user access and you could restrict to the address range if you
wish
Destination: allowed servers/networks
Service: what you expect
Action: Client Encrypt
Is this what you were after?
Joe
RBHATIA wrote:
I'm trying something similar but I wasn't sure if this what you were
talking
about.
I need to add a rule that will allow a VPN user access to one server
in my
network. That VPN user will be coming in from a range of IP's (this
range is
a consecutive range but includes approximatly 15 addresses). I created
a
Range for these IP address but when I try to create the new VPN user
and
restrict access to SOURCE from the above range I only see Workstations
and
Groups (no Ranges are listed in available sources).
Please advise.
-----Original Message-----
From: Fernando Hagelsieb C. [mailto:[email protected]]
Sent: Monday, August 13, 2001 10:55 AM
To: Velasquez Venegas Jaime Omar; FW1-MailingList (E-mail)
Subject: Re: [FW1] Address Range as part of Security Police?
Hi:
Maybe you can try using a Network object or group instead of usin
g address
range.
I know that's not a good solution but I think It's an util workaround
and
you wont have any trouble about it.
Maybe another person has resolved this issue on a more elegant way,
that's
only one suggestion.
----- Original Message -----
From: "Velasquez Venegas Jaime Omar" <[email protected]>
To: "FW1-MailingList (E-mail)"
<[email protected]>
Sent: Friday, August 10, 2001 6:05 PM
Subject: [FW1] Address Range as part of Security Police?
Is there a way to insert an address range object into a rulebase,
say in
Source field of security policy?
Jaime O.
============================================================================
====
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
============================================================================
====
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the
instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
