Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [[FW1] Restrict Firewall-1 management access to the Firewall]

To: <[email protected]>, <[email protected]>, <[email protected]>
Subject: Re: [[FW1] Restrict Firewall-1 management access to the Firewall]
From: "David C. Diemer" <[email protected]>
Date: Thu, 19 Oct 2000 16:50:35 -0400
Sender: [email protected]

Not anyone can use the GUI utilities to access the policies, log
viewer, or the system status but those listed in 
$FWDIR/conf/gui-clients.  Those, and only those machines, will
be allowed access to the management features.

In addition, you must also run the FWCONFIG (UNIX, don't know
for NT) and add a userid and password for each administrator.

In combination then, only those machines with those users could
access the management console.

As for a rule, you could make a rule like this:
    userid@any     <mgmt console>     any     SessionAuth     Long

There are other helps in the FW Mailinglist that describe how to
perform local firewall authentication, how Session Authentication
works, etc.

David C. Diemer, CCSA, CNE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
[email protected]>>> Eric Strecker <[email protected]> 10/19/00 03:41PM >>>

If I read your question right, the FW administrator must enable remote GUI
administration by IP address to specificly prevent logging on from just
anywhere...

Eric Strecker, CCSA
[email protected] wrote:
> 
> 
> Does anybody has implemented a Restrictive (and secure) Policy to control
> GUI access to
> the Management station (for example  if the guy clients could be anywhere
> in the Company WAN)
> 
> Thanks
> Maurizio
> 
> 
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html 
>
================================================================================

********************************
Eric Strecker
Acting Firewall Administrator ;)

____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=1 

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html 
================================================================================

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] gigEthernet for nokia
Next by Date: [FW1] test
Previous by thread: [FW1] gigEthernet for nokia
Next by thread: [FW1] Client authentication
Index(es):
- Date
- Thread