[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] SecureClient and strict rules
Hi, We just started to use SecureClient and has two rules like this; (The second line to make it possible for SecureClient users to use ping and traceroute) SecureClientUsers@Any SecureClient-encdom Any ClientEncrypt dest-unreach SecureClient-encdom Any echo-reply accept time-exceeded My question is: Is there a simple way to have more specific restrictions of what SecureClient users can do? Like only http to these servers, ssh to these servers, etc, etc. I guess we have to have multiple rules. Does the users then have to re-authenticate when using a service allowed by another rule or does the firewall understand that it is the same SecureClient user and accept traffic to all rules with ClientEncrypt? _\\|//_ (-0-0-) /-------------------------------ooO-(_)-Ooo------------------------------\ | Magnus Sandberg Email: [email protected] | | Network Engineer, BlueLabs AB http://www.bluelabs.se/ | | Phone: +46-8-470 2155 FAX: +46-8-470 2199 | \------------------------------------------------------------------------/ || || ooO Ooo ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|