[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [[FW1] Restrict Firewall-1 management access to the Firewall]
Not anyone can use the GUI utilities to access the policies, log viewer, or the system status but those listed in $FWDIR/conf/gui-clients. Those, and only those machines, will be allowed access to the management features. In addition, you must also run the FWCONFIG (UNIX, don't know for NT) and add a userid and password for each administrator. In combination then, only those machines with those users could access the management console. As for a rule, you could make a rule like this: userid@any <mgmt console> any SessionAuth Long There are other helps in the FW Mailinglist that describe how to perform local firewall authentication, how Session Authentication works, etc. David C. Diemer, CCSA, CNE Enterprise Security Firewall Engineer Georgia Department of Administrative Services (DOAS) [email protected]>>> Eric Strecker <[email protected]> 10/19/00 03:41PM >>> If I read your question right, the FW administrator must enable remote GUI administration by IP address to specificly prevent logging on from just anywhere... Eric Strecker, CCSA [email protected] wrote: > > > Does anybody has implemented a Restrictive (and secure) Policy to control > GUI access to > the Management station (for example if the guy clients could be anywhere > in the Company WAN) > > Thanks > Maurizio > > > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ******************************** Eric Strecker Acting Firewall Administrator ;) ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|