[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Address Range as part of Security Police?
I'd like to follow up this issue because I have same experience. It is a disadvantage for checkpoint to create a object with range of ip but it doesn't show up when you want to add it. Daniel Fang Joe Delsol <[email protected]> Sent by: owner-fw-1-mailinglist To: RBHATIA <[email protected]> <[email protected] cc: "'Fernando Hagelsieb C.'" <[email protected]>, Velasquez point.com> Venegas Jaime Omar <[email protected]>, "FW1-MailingList (E-mail)" <[email protected]> Subject: Re: [FW1] Address Range as part of Security Police? 08/29/2001 01:14 PM Please respond to joe Are you trying to create a Site-to-site VPN or a client VPN with secuRemote/Client? Off the top of my head, I'd guess that you are wanting a client VPN, since it does not seem likely that the remote site would for sitte-to-site would use a dynamic range of addresses. For the client VPN you would not normally restrict the source address at all.. although you could if you wanted to.. Create the user Create a group for this VPN access Add user to Group Create rule: Source: add user access and you could restrict to the address range if you wish Destination: allowed servers/networks Service: what you expect Action: Client Encrypt Is this what you were after? Joe RBHATIA wrote: I'm trying something similar but I wasn't sure if this what you were talking about. I need to add a rule that will allow a VPN user access to one server in my network. That VPN user will be coming in from a range of IP's (this range is a consecutive range but includes approximatly 15 addresses). I created a Range for these IP address but when I try to create the new VPN user and restrict access to SOURCE from the above range I only see Workstations and Groups (no Ranges are listed in available sources). Please advise. -----Original Message----- From: Fernando Hagelsieb C. [mailto:[email protected]] Sent: Monday, August 13, 2001 10:55 AM To: Velasquez Venegas Jaime Omar; FW1-MailingList (E-mail) Subject: Re: [FW1] Address Range as part of Security Police? Hi: Maybe you can try using a Network object or group instead of usin g address range. I know that's not a good solution but I think It's an util workaround and you wont have any trouble about it. Maybe another person has resolved this issue on a more elegant way, that's only one suggestion. ----- Original Message ----- From: "Velasquez Venegas Jaime Omar" <[email protected]> To: "FW1-MailingList (E-mail)" <[email protected]> Sent: Friday, August 10, 2001 6:05 PM Subject: [FW1] Address Range as part of Security Police? Is there a way to insert an address range object into a rulebase, say in Source field of security policy? Jaime O. ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|