[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Office Mode Issue
Hi, Any input for the following situation would be greatly appreciated. My platform is IP350 running NG FP2. I use Traditional Mode policies and Client-Encrypt rules. The global property "Enable decryption on accept" is not checked. I have two groups of SecureClient users: Employees and Customers. Members of the Employees group participate in Office Mode, have full access to the internal network, and use digital certs for authentication. This is working great. Their rule looks like this: Src: Employees | Dest: Internal_Net | Srv: Any | Act: Client Encrypt Members of the Customers group do NOT participate in Office Mode, can access only our mainframe on port 23, and use digital certs for auth. Their rule looks like this: Src: Customers | Dest: Mainframe | Srv: Telnet | Act: Client Encrypt These rules work fine, as is. However, I would like to have members of the Customers group participate in Office Mode. The problem is that if I allow Office Mode to all users, members of the Customers group have full access to our internal network, regardless of what the rule says. Is this by-design or is something not correctly configured? Thanks, Neil De La Cruz, CISSP ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|