[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Secure Remote and X-Windows
One of the solution to this problem is: http://www.phoneboy.com/faq/0164.html Which can help in setting up any outgoing traffic from your internal network to *trusted* (authenticated) securemote clients. SSH is great with encryption and X11 tunneling. But it comes with great danger of port forwarding as a side effect. We generally recommend not to open SSH connection for Securemote users because SR users can setup a port forwarding tunnel and can expose contents of your internal network. You can sort of disable SSH port forwarding at SSH server side but considering all new OS is/will be coming with SSH server and port forwarding ON by default it may be difficult to monitor all such hosts on your internal network. I wrote SSH portforwarding notes in past so I hope that would be helpful to understand goods and bad with SSH port forwarding. http://www.rajeevnet.com/tips_hints/ssh/port_forward.html Rajeev On Friday 09 November 2001 08:49, Lars Troen wrote: > As X-windows is a client/server application where your client runs the X > server this won't work through securemote. The solution is to run an ssh > session to the server and let the x windows session go through the ssh > tunnel. This usually works automagically when you're using ssh. > > Lars > > > -----Original Message----- > > From: Mailing list for discussion of Firewall-1 > > [mailto:[email protected]]On Behalf Of Davis, > > Scott > > Sent: Thursday, November 08, 2001 16:07 > > To: [email protected] > > Subject: [FW-1] Secure Remote and X-Windows > > > > > > I am trying to get X-Windows working over secure remote. I am using > > Checkpoint 4.1 SP4 for the module and SecureClient Version 4.1 SP4 Build > > 4185. I can successfully get to the sever from the client, but when the > > server tries to display back the screen to the client it just dies. In > > looking at the logs I see traffic being decrypted from the client, the > > server sending the data back and being accepted then encrypted. The next > > line I have is a drop from the client to the outside Interface of > > my VPN box > > for protocol esp rule 0 reason decryption failure:Authentication Failure > > scheme: IKE. I have contacted checkpoint, searched through the > > knowledgebase, phoneboy.com and google. Nothing seems to help ! > > > > Any help would be greatly appreciated. > > > > Thanks, > > Scott Davis > > Internet Security Specialist > > T.Rowe Price > > > > =============================================== > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > =============================================== > > =============================================== > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > =============================================== -- ******************************************************************** Rajeev Kumar ([email protected]) http://www.rajeevnet.com ******************************************************************** -- PGP PUBLIC KEY -- http://www.rajeevnet.com/crypto/mypubkey ******************************************************************** What's New on rajeevnet.com: o Unix/Windows password Sync: http://www.rajeevnet.com/linux/passwd_sync/passwd_sync.html o Wonders of 'dd' and 'netcat' :: Cloning Operating Systems http://www.rajeevnet.com/tips_hints/os_clone/os_cloning.html ******************************************************************** =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|