NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] SecureClient and strict rules



Hi,

We just started to use SecureClient and has two rules like this;
(The second line to make it possible for SecureClient users to use ping and
traceroute)


SecureClientUsers@Any    SecureClient-encdom    Any        ClientEncrypt


                                            dest-unreach
SecureClient-encdom      Any                echo-reply      accept
                                            time-exceeded



My question is: Is there a simple way to have more specific restrictions of
what SecureClient users can do? Like only http to these servers, ssh to
these servers, etc, etc.

I guess we have to have multiple rules. Does the users then have to
re-authenticate when using a service allowed by another rule or does the
firewall understand that it is the same SecureClient user and accept traffic
to all rules with ClientEncrypt?


                                  _\\|//_
                                  (-0-0-)
/-------------------------------ooO-(_)-Ooo------------------------------\
| Magnus Sandberg                    Email: [email protected]  |
| Network Engineer, BlueLabs AB                  http://www.bluelabs.se/ |
| Phone: +46-8-470 2155                             FAX: +46-8-470 2199  |
\------------------------------------------------------------------------/
                                  ||   ||
                                 ooO   Ooo

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.