[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Address Range as part of Security Police?
Hi guys, I'm on Checkpoint ver 4.1 Build 41437 When you want to restrict a user group to an IP range that you created, all network objects except for IP Range is listed. Also if you try to add the IP range to a new group once again you don't see IP ranges listed among the list of Network Objects. -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Friday, August 31, 2001 1:39 PM To: joe Cc: [email protected]; [email protected]; [email protected]; [email protected]; [email protected] Subject: Re: [FW1] Address Range as part of Security Police? Checkpoint Version 4.1 Build 41862 Daniel Fang Joe Delsol <joe@siegewor To: "Daniel.Fang" <[email protected]> ks.com> cc: fhagelsieb <[email protected]>, fw-1-mailinglist <[email protected]>, jaime 08/31/2001 <[email protected]>, RBHATIA <[email protected]> 01:33 PM Subject: Re: [FW1] Address Range as part of Security Police? Please respond to joe In the Source field you should be able to "right click" select "Add User Access" select a group in the location section "Restrict Access" select your network object click "OK" What do you see when you attempt this? What version are you on? JOe [email protected] wrote: >I'd like to follow up this issue because I have same experience. It is a >disadvantage for checkpoint to create a object with range of ip but it >doesn't show up when you want to add it. > >Daniel Fang > > > > > > > Joe Delsol <[email protected]> > Sent by: owner-fw-1-mailinglist To: RBHATIA <[email protected]> > <[email protected] cc: "'Fernando Hagelsieb C.'" <[email protected]>, Velasquez > point.com> Venegas Jaime Omar <[email protected]>, "FW1-MailingList (E-mail)" > <[email protected]> > Subject: Re: [FW1] Address Range as part of Security Police? > 08/29/2001 01:14 PM > Please respond to joe > > > > > > >Are you trying to create a Site-to-site VPN or a client VPN with >secuRemote/Client? > >Off the top of my head, I'd guess that you are wanting a client VPN, since >it does not seem likely that the remote site would for sitte-to-site would >use a dynamic range of addresses. > >For the client VPN you would not normally restrict the source address at >all.. although you could if you wanted to.. >Create the user >Create a group for this VPN access >Add user to Group >Create rule: >Source: add user access and you could restrict to the address range if you >wish >Destination: allowed servers/networks >Service: what you expect >Action: Client Encrypt > >Is this what you were after? > > Joe > > >RBHATIA wrote: > I'm trying something similar but I wasn't sure if this what you were > talking > about. > I need to add a rule that will allow a VPN user access to one server > in my > network. That VPN user will be coming in from a range of IP's (this > range is > a consecutive range but includes approximatly 15 addresses). I created > a > Range for these IP address but when I try to create the new VPN user > and > restrict access to SOURCE from the above range I only see Workstations > and > Groups (no Ranges are listed in available sources). > Please advise. > > -----Original Message----- > From: Fernando Hagelsieb C. [mailto:[email protected]] > Sent: Monday, August 13, 2001 10:55 AM > To: Velasquez Venegas Jaime Omar; FW1-MailingList (E-mail) > Subject: Re: [FW1] Address Range as part of Security Police? > > > > Hi: > > Maybe you can try using a Network object or group instead of usin > g address > range. > > I know that's not a good solution but I think It's an util workaround > and > you wont have any trouble about it. > > Maybe another person has resolved this issue on a more elegant way, > that's > only one suggestion. > > > ----- Original Message ----- > From: "Velasquez Venegas Jaime Omar" <[email protected]> > To: "FW1-MailingList (E-mail)" > <[email protected]> > Sent: Friday, August 10, 2001 6:05 PM > Subject: [FW1] Address Range as part of Security Police? > > > Is there a way to insert an address range object into a rulebase, > say in > Source field of security policy? > > Jaime O. > > > > ============================================================================ > > ==== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > > ============================================================================ > > ==== > > > > > ============================================================================ > > ==== > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ > > ==== > > > ============================================================================ ==== > > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > > > > > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|