Re: [FW-1] How to make a rule to allow telnet to the firewall?



Hello,

Setting antispoofing on eri0 to this network is a problem if hosts from
network 10.8.46.0/24 want to communicate over the firewall, because this
network is also behind this interface.
So you have to create a network object for 192.168.20.0/24 and for
10.8.46.0/24, then summarize these objects in a simple group. You use this
group as "Specific" under the topology tab of the eri0 interface of the
firewall object.
But I recommend RTFM for understanding antispoofing!!!!

best regards fitz , CCSA/CCSE



-----Original Message-----
From: <Guangcheng Wen> [mailto:[email protected]]
Sent: Thursday, August 22, 2002 11:57 AM
To: [email protected]
Subject: Re: [FW-1] How to make a rule to allow telnet to the firewall?

Hello,

Lars.Troen> 1. disconnect firewall from external nets.
Lars.Troen> 2. issue "fw ctl uninstall" on the firewall.
Lars.Troen> 3. Now you can contact the firewall from wherever you like. Use
Lars.Troen> the policy editor to recreate the lost rule.
Lars.Troen> 3. Install the policy.
Lars.Troen> 4. Reconnect external networks again.

Ok, I get the policy editor back. Thank you so much.

t-systems-fitz> maybe you have some problems with antispoofing. Make sure
t-systems-fitz> that the network 10.8.46.0 is defined as allowed network at
t-systems-fitz> the internal interface of your firewall object. You have to
t-systems-fitz> define antispoofing under the topology tab of the firewall
t-systems-fitz> object.

Thanks. But I am not sure how to define the network 10.8.46.0 as an allowed
network at the internal interface of the firewall object.
The following description is my system and what I did.

fwlb2 is defined as a Check Point object whose topology is as follows:

Name  IP Address      Network Mask   IP Addresses behind interface
eri0  192.168.20.254  255.255.255.0  This Network
eri1  200.240.2.1     255.255.255.0  External

The Topology of eri0 is:
  Internal (leads to the local network) is selected.
  Under IP Addresses behind this interface,
    Network defined by the interface IP and Net Mask is selected.
  Anti-Spoofing
    Perform Anti-Spoofing based on interface topology is checked.
    Spoof Tracking: Alert

As you know, I could not telnet to the firewall from any client
from the network 10.8.46.0.

A network object office is defined as:
  Network address: 10.8.46.0
  Net Mask: 255.255.255.0

What should I do next?
Best regards,
--Wen
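
The anti-spoofing behaviour discussed in this thread, as an added example that is not part of either message and is not Check Point code: a simplified model of topology-based anti-spoofing, comparing the "This Network" setting on eri0 with the "Specific" group from the reply. The function names, the accept/drop rule and the host address 10.8.46.15 are assumptions made for illustration.

```python
import ipaddress

# Constructed values taken from the thread's topology; this is a simplified
# model of topology-based anti-spoofing, not Check Point's implementation.
ERI0_NET = ipaddress.ip_network("192.168.20.0/24")   # network of eri0 itself
OFFICE_NET = ipaddress.ip_network("10.8.46.0/24")    # also reached via eri0

def build_topology(behind_eri0):
    """Map interface name -> (kind, networks defined behind it)."""
    return {"eri0": ("internal", list(behind_eri0)),
            "eri1": ("external", [])}

def internal_networks(topology):
    """All networks declared behind any internal interface."""
    return [n for kind, nets in topology.values()
            if kind == "internal" for n in nets]

def antispoof_verdict(topology, in_iface, src):
    """Return 'accept' or 'drop' for a packet arriving on in_iface.

    Assumed model: an internal interface accepts only sources inside the
    networks defined behind it; an external interface accepts any source
    that is not declared behind an internal interface.
    """
    addr = ipaddress.ip_address(src)
    kind, nets = topology[in_iface]
    if kind == "internal":
        return "accept" if any(addr in n for n in nets) else "drop"
    spoofed = any(addr in n for n in internal_networks(topology))
    return "drop" if spoofed else "accept"

def uncovered_routes(topology, iface, routed):
    """Networks routed through iface that its anti-spoofing set misses."""
    _, nets = topology[iface]
    return [r for r in routed if not any(r.subnet_of(n) for n in nets)]

# "This Network" from the question vs. the "Specific" group from the reply.
this_network = build_topology([ERI0_NET])
specific_group = build_topology([ERI0_NET, OFFICE_NET])

if __name__ == "__main__":
    routed = [ERI0_NET, OFFICE_NET]
    for name, topo in (("This Network", this_network),
                       ("Specific group", specific_group)):
        print(name,
              "| eri0 src 10.8.46.15:", antispoof_verdict(topo, "eri0", "10.8.46.15"),
              "| eri1 src 10.8.46.15:", antispoof_verdict(topo, "eri1", "10.8.46.15"),
              "| uncovered:", uncovered_routes(topo, "eri0", routed))
```

Running `uncovered_routes` against the routes that actually leave through an internal interface is a quick way to find networks that would trigger spoof alerts before the policy is installed.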

   All contents © 2004 Network Presence, LLC. All rights reserved.