
Re: [FW-1] How to make a rule to allow telnet to the firewall?(Thanks)



Hello,
I get it with your help. Thank you so much.

Cheers,

--Wen

t-systems-fitz> setting antispoofing on eri0 to this network is a problem, if hosts from
t-systems-fitz> network 10.8.46.0/24 want to communicate over the firewall, because this
t-systems-fitz> network is also behind this interface.
t-systems-fitz> So you have to create a network object for 192.168.20.0/24 and for
t-systems-fitz> 10.8.46.0/24, then summarize these objects in a simple group. This group
t-systems-fitz> you use as "Specific" under the topology tab of the eri0 interface of the
t-systems-fitz> firewall object.
t-systems-fitz> But I recommend RTFM for understanding antispoofing !!!!
t-systems-fitz>
t-systems-fitz> best regards fitz , CCSA/CCSE
t-systems-fitz>
t-systems-fitz>
t-systems-fitz>
t-systems-fitz> -----Original Message-----
t-systems-fitz> From: <Guangcheng Wen> [mailto:[email protected]]
t-systems-fitz> Sent: Thursday, August 22, 2002 11:57 AM
t-systems-fitz> To: [email protected]
t-systems-fitz> Subject: Re: [FW-1] How to make a rule to allow telnet to the firewall?
t-systems-fitz>
t-systems-fitz> Hello,
t-systems-fitz> Lars.Troen> 1. disconnect firewall from external nets.
t-systems-fitz> Lars.Troen> 2. issue "fw ctl uninstall" on the firewall.
t-systems-fitz> Lars.Troen> 3. Now you can contact the firewall from wherever you like. Use
t-systems-fitz> the policy editor to recreate the lost rule.
t-systems-fitz> Lars.Troen> 3. Install the policy.
t-systems-fitz> Lars.Troen> 4. Reconnect external networks again.
t-systems-fitz> Ok, I get the policy editor back. Thank you so much.
t-systems-fitz> t-systems-fitz> maybe you have some problems with antispoofing. Make sure
t-systems-fitz> that the network
t-systems-fitz> t-systems-fitz> 10.8.46.0 is defined as allowed network at the internal
t-systems-fitz> interface of your
t-systems-fitz> t-systems-fitz> firewallobject. You have to define antispoofing under the
t-systems-fitz> topology tab of
t-systems-fitz> t-systems-fitz> the firewallobject.
t-systems-fitz> Thanks. But I am not sure how to define the network 10.8.46.0 as allowed
t-systems-fitz> network at the internal interface of the firewall object.
t-systems-fitz> The following description is my system and what I did.
t-systems-fitz> fwlb2 is defined as a check point object which topology is as follows,
t-systems-fitz> Name  IP Address      Network Mask   IP Addresses behind interface
t-systems-fitz> eri0  192.168.20.254  255.255.255.0  This Network
t-systems-fitz> eri1  200.240.2.1     255.255.255.0  External
t-systems-fitz> The Topology of eri0 is
t-systems-fitz> Internal(leads to the local network) is selected.
t-systems-fitz> Under IP Addresses behind this interface,
t-systems-fitz> Network defined by the interface IP and Net Mask is selected.
t-systems-fitz> Anti-Spoofing
t-systems-fitz> Perform Anti-Spoofing based on interface topology is checked.
t-systems-fitz> Spoof Tracking: Alert
t-systems-fitz> As you know, I could not telnet to the firewall from any client
t-systems-fitz> from the network 10.8.46.0.
t-systems-fitz> A network object office is defined as,
t-systems-fitz> Network address: 10.8.46.0
t-systems-fitz> Net Mask: 255.255.255.0
t-systems-fitz> What should I do next?
t-systems-fitz> Best regards,
t-systems-fitz> --Wen
t-systems-fitz>
t-systems-fitz> =================================================
t-systems-fitz> To set vacation, Out Of Office, or away messages,
t-systems-fitz> send an email to [email protected]
t-systems-fitz> in the BODY of the email add:
t-systems-fitz> set fw-1-mailinglist nomail
t-systems-fitz> =================================================
t-systems-fitz> To unsubscribe from this mailing list,
t-systems-fitz> please see the instructions at
t-systems-fitz> http://www.checkpoint.com/services/mailing.html
t-systems-fitz> =================================================
t-systems-fitz> If you have any questions on how to change your
t-systems-fitz> subscription options, email
t-systems-fitz> [email protected]
t-systems-fitz> =================================================
t-systems-fitz>
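
The topology change discussed in this thread, as an added example that is not part of the original messages and is not Check Point code: a simplified model of topology-based anti-spoofing showing why a 10.8.46.0/24 source arriving on eri0 is dropped while eri0 is set to "This Network", and accepted once eri0 uses a "Specific" group holding both networks. The function names, the `EXTERNAL` marker and the sample source addresses are assumptions made for the illustration.

```python
import ipaddress

EXTERNAL = "external"  # marker: interface leads out to everything else

def build_topology(behind):
    """Map interface name -> list of ip_network objects, or EXTERNAL."""
    return {
        name: EXTERNAL if nets == EXTERNAL
        else [ipaddress.ip_network(n) for n in nets]
        for name, nets in behind.items()
    }

def antispoof_verdict(topology, in_iface, src_ip):
    """Return 'accept' or 'drop' for a packet entering in_iface (simplified model)."""
    src = ipaddress.ip_address(src_ip)
    # Every network declared behind an internal interface.
    internal = [n for nets in topology.values() if nets != EXTERNAL for n in nets]
    nets = topology[in_iface]
    if nets == EXTERNAL:
        # External side: a source that claims an internal address is spoofed.
        ok = not any(src in n for n in internal)
    else:
        # Internal side: the source must belong to a network behind this interface.
        ok = any(src in n for n in nets)
    return "accept" if ok else "drop"

# eri0 as first configured in the thread: "This Network" (interface IP and mask).
BEFORE = build_topology({"eri0": ["192.168.20.0/24"], "eri1": EXTERNAL})

# eri0 as recommended: "Specific" group containing both internal networks.
AFTER = build_topology({
    "eri0": ["192.168.20.0/24", "10.8.46.0/24"],
    "eri1": EXTERNAL,
})

if __name__ == "__main__":
    # Constructed sample packets: (label, topology, inbound interface, source IP).
    samples = [
        ("before", BEFORE, "eri0", "10.8.46.17"),
        ("after", AFTER, "eri0", "10.8.46.17"),
        ("after", AFTER, "eri0", "192.168.20.10"),
        ("after", AFTER, "eri1", "10.8.46.17"),
    ]
    for label, topo, iface, src in samples:
        print(f"{label:6} {iface} src={src:15} -> {antispoof_verdict(topo, iface, src)}")
```
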
