Re: [FW-1] How to make a rule to allow telnet to the firewall?
Hello,

setting antispoofing on eri0 to this network is a problem if hosts from network 10.8.46.0/24 want to communicate over the firewall, because this network is also behind this interface. So you have to create a network object for 192.168.20.0/24 and for 10.8.46.0/24, then summarize these objects in a simple group. This group you use as "Specific" under the topology tab of the eri0-Interface of the firewall object.

But I recommend RTFM for understanding antispoofing !!!!

best regards
fitz, CCSA/CCSE

-----Original Message-----
From: <Guangcheng Wen> [mailto:[email protected]]
Sent: Thursday, August 22, 2002 11:57 AM
To: [email protected]
Subject: Re: [FW-1] How to make a rule to allow telnet to the firewall?

Hello,

Lars.Troen> 1. disconnect firewall from external nets.
Lars.Troen> 2. issue "fw ctl uninstall" on the firewall.
Lars.Troen> 3. Now you can contact the firewall from wherever you like. Use the policy editor to recreate the lost rule.
Lars.Troen> 3. Install the policy.
Lars.Troen> 4. Reconnect external networks again.

Ok, I get the policy editor back. Thank you so much.

t-systems-fitz> maybe you have some problems with antispoofing. Make sure that the network
t-systems-fitz> 10.8.46.0 is defined as allowed network at the internal interface of your
t-systems-fitz> firewallobject. You have to define antispoofing under the topology tab of
t-systems-fitz> the firewallobject.

Thanks. But I am not sure how to define the network 10.8.46.0 as allowed network at the internal interface of the firewall object. The following description is my system and what I did.

fwlb2 is defined as a check point object whose topology is as follows,

Name   Ip Address       Network Mask     IP Addresses behind interface
eri0   192.168.20.254   255.255.255.0    This Network
eri1   200.240.2.1      255.255.255.0    External

In the Topology of eri0, Internal (leads to the local network) is selected.
Under IP Addresses behind this interface, Network defined by the interface IP and Net Mask is selected.
Anti-Spoofing
  Perform Anti-Spoofing based on interface topology is checked.
  Spoof Tracking: Alert

As you know, I could not telnet to the firewall from any client from the network 10.8.46.0.

A network object office is defined as,
  Network address: 10.8.46.0
  Net Mask: 255.255.255.0

What should I do next?

Best regards,
--Wen
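
The anti-spoofing behaviour discussed in this thread, as an added example that is not part of the original messages and is not Check Point code: a simplified Python model of a per-interface source-address check, using the thread's eri0/eri1 topology before and after the suggested "Specific" group. The function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Simplified model (an assumption, not Check Point's implementation): each
# interface lists the source networks considered valid behind it.
BEFORE = {  # eri0 set to "This Network", as in the original question
    "eri0": ("internal", ["192.168.20.0/24"]),
    "eri1": ("external", []),
}
AFTER = {   # eri0 set to "Specific" with a group holding both networks
    "eri0": ("internal", ["192.168.20.0/24", "10.8.46.0/24"]),
    "eri1": ("external", []),
}


def _networks(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def antispoof_check(topology, in_iface, src_ip):
    """Return "pass" or "spoofed" for a packet arriving on in_iface."""
    src = ipaddress.ip_address(src_ip)
    kind, cidrs = topology[in_iface]
    if kind == "internal":
        # Source must belong to a network defined behind this interface.
        valid = any(src in net for net in _networks(cidrs))
    else:
        # External: source must not belong to any internal interface's networks.
        internal = [net for k, c in topology.values() if k == "internal"
                    for net in _networks(c)]
        valid = not any(src in net for net in internal)
    return "pass" if valid else "spoofed"


def compare(in_iface, src_ip):
    """Verdicts before and after the topology change, as a tuple."""
    return (antispoof_check(BEFORE, in_iface, src_ip),
            antispoof_check(AFTER, in_iface, src_ip))


if __name__ == "__main__":
    # Constructed sample packets: (incoming interface, source address).
    for iface, src in [("eri0", "192.168.20.10"), ("eri0", "10.8.46.25"),
                       ("eri1", "10.8.46.25"), ("eri1", "200.240.2.50")]:
        print(iface, src, compare(iface, src))
```

A "pass" here only means the packet clears the anti-spoofing check; the rule base still decides whether telnet to the firewall is allowed.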