
Re: [FW-1] regarding RULES....



I think you need to find the Getting Started guide for 4.0, which might be
tricky, so go for the 4.1 guide as it's going to give you a fairly good idea of
what's going on.

jp


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Vicky Mair
Sent: 01 February 2003 05:42
To: [email protected]
Subject: Re: [FW-1] regarding RULES....


hi there,

sorry about the typos below....was running low on caffeine ;-)

see comments in-line:


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Hal Dorsman
Sent: Friday, January 31, 2003 2:38 PM
To: [email protected]
Subject: Re: [FW-1] regarding RULES....


>
> hi there,
>
>
> I just inherited (as of late last night) VPN-1 & FireWall-1 v4.0, which
> is running on NT 4.0 Server....

Oh my.  I am SO sorry.  ;)
-----------------
me too ;-)


>
>
> I have some basic questions about the security rules and
> procedure...please bare with me while I  through it.

Bare with you?  Now you are going to make me blush.

>
>
> 1. When you create/apply new rules, do they take effect right away,
> or do I need to stop and start the service?

You need to push out (install) the policy.  Look for the 'Install policies'
button on the tool bar.
------------------------------
If I didn't use the "Install policies" button and instead used the Save
button, does that mean my policies didn't get activated even though they are
displayed under the security policy window?



>
>
> 2. I created the following rules, which seem to be fairly simple, with
> the packets and going nowhere :(
>
>
> (1)
> source:216.x.x.131 (TACACS+)
> destination: ANY
> service: ANY
> action: ACCEPT
>
> (2)
> source: ANY
> destination: 216.x.x.131 (TACACS+)
> service: ANY
> action: ACCEPT
>
>
> To keep it really simple, I'm trying to reach an external router to do
> authentication and logging to my internal TACACS+
> (216.x.x.131) box. I can't
> even telnet with the above rules. I'm sure I'm missing something really
> obvious.

Routing maybe?  You must establish basic networking fundamentals first. Be
sure you have proper routes going out (default route on the tacacs, and
route to the router), and you MUST have a route back to the 216 network with
the external interface of the FW as the gateway.
-------------------------
The routing piece is working fine, as pings are working.


Enable ICMP in the global properties and see if you can ping.
-----------------------
ICMP is enabled and working fine for the 216.x.x.x network.



>
> Do I need to use my gateway address (216.x.x.130 -- NT 4.0 Server) as
> destination, which is also running the FireWall-1 software, as opposed
> to ANY?

No, but the internal IP of the FW must be your default route on your
internal servers.
---------------------------
The default route is set correctly, pointing to the FW (sorry for not being
clear), but what I meant to ask was: instead of specifying "destination: ANY"
when creating the above policies, do I specify
"destination: as_my_default_router_for_216_x_x_131 network" instead?

Hope I'm making sense....if not, please ask away and I'll provide more info.


tia,
/vicky



Hal

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================