[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] How to make a rule to allow telnet to the firewall?
Hi, maybe you have some problems with antispoofing. Make sure that the network 10.8.46.0 is defined as allowed network at the internal interface of your firewallobject. You have to define antispoofing under the topology tab of the firewallobject. And define "Alert" under "Spoof Tracking" so you will see the dropped packets it in your logviewer. best regards fitz, CCSA/CCSE -----Original Message----- From: <Guangcheng Wen> [mailto:[email protected]] Sent: Friday, August 16, 2002 8:13 AM To: [email protected] Subject: Re: [FW-1] How to make a rule to allow telnet to the firewall? Thank you so much for your advice. Lars.Troen> I guess you should put the Checkpoint cd in your pc and go to the "/Docs/Check Point Suite/" directory. I guess the document "Getting Started.pdf" would be a good starting point, but there are also other useful documents in there ;-) Aaron.Reynolds> You should run the GUI to modify rules. Yes, I am reading it and have succeeded in telneting the FW-1 from a internal LAN which has the same network address with FW-1. But I could not telnet the FW-1 from a internal LAN which has a different network address with FW-1 yet. The two internal LAN are connected to each other by a router. The rule was made as follows, No SOURCE DESTINATION SERVICE ACTION TRACK INSTALL ON TIME 1 *Any FW-1 telnet accept Log FW-1 *Any FW-1 is in the network 192.168.20.0 and my client box is in the network 10.8.46.0. >From my client box, $route -n 192.168.20.0 10.8.46.212 255.255.255.0 UG 0 0 0 eth0 10.8.46.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 10.8.46.254 0.0.0.0 UG 0 0 0 eth0 How to set a rule to allow my client from the network 10.8.46.0 to telnet the FW-1 in the network 192.168.20.0? Thank you so much for your consideration! Best regards, --Wen ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|