Re: [FW-1] How to make a rule to allow telnet to the firewall?(Thanks)
Hello,

I get it with your help. Thank you so much.

Cheers,
--Wen

t-systems-fitz> setting antispoofing on eri0 to this network is a problem, if hosts from
t-systems-fitz> network 10.8.46.0/24 want to communicate over the firewall, because this
t-systems-fitz> network is also behind this interface.
t-systems-fitz> So you have to create a network object for 192.168.20.0/24 and for
t-systems-fitz> 10.8.46.0/24, then summarize these objects in a simple group. This group
t-systems-fitz> you use as "Specific" under the topology tab of the eri0-Interface of the
t-systems-fitz> firewallobject.
t-systems-fitz> But I recommend RTFM for understanding antispoofing !!!!
t-systems-fitz>
t-systems-fitz> best regards fitz, CCSA/CCSE
t-systems-fitz>
t-systems-fitz> -----Original Message-----
t-systems-fitz> From: <Guangcheng Wen> [mailto:[email protected]]
t-systems-fitz> Sent: Thursday, August 22, 2002 11:57 AM
t-systems-fitz> To: [email protected]
t-systems-fitz> Subject: Re: [FW-1] How to make a rule to allow telnet to the firewall?
t-systems-fitz>
t-systems-fitz> Hello,
t-systems-fitz> Lars.Troen> 1. disconnect firewall from external nets.
t-systems-fitz> Lars.Troen> 2. issue "fw ctl uninstall" on the firewall.
t-systems-fitz> Lars.Troen> 3. Now you can contact the firewall from wherever you like. Use
t-systems-fitz> the policy editor to recreate the lost rule.
t-systems-fitz> Lars.Troen> 3. Install the policy.
t-systems-fitz> Lars.Troen> 4. Reconnect external networks again.
t-systems-fitz> Ok, I get the policy editor back. Thank you so much.
t-systems-fitz>
t-systems-fitz> maybe you have some problems with antispoofing. Make sure that the network
t-systems-fitz> 10.8.46.0 is defined as allowed network at the internal interface of your
t-systems-fitz> firewallobject. You have to define antispoofing under the topology tab of
t-systems-fitz> the firewallobject.
t-systems-fitz> Thanks. But I am not sure how to define the network 10.8.46.0 as allowed
t-systems-fitz> network at the internal interface of the firewallobject.
t-systems-fitz> The following description is my system and what I did.
t-systems-fitz> fwlb2 is defined as a check point object which topology is as follows,
t-systems-fitz> Name  Ip Address      Network Mask   IP Addresses behind interface
t-systems-fitz> eri0  192.168.20.254  255.255.255.0  This Network
t-systems-fitz> eri1  200.240.2.1     255.255.255.0  External
t-systems-fitz> The Topology of eri0 is
t-systems-fitz> Internal(leads to the local network) is selected.
t-systems-fitz> Under IP Addresses behind this interface,
t-systems-fitz> Network defined by the interface IP and Net Mask is selected.
t-systems-fitz> Anti-Spoofing
t-systems-fitz> Perform Anti-Spoofing based on interface topology is checked.
t-systems-fitz> Spoof Tracking: Alert
t-systems-fitz> As you know, I could not telnet to the firewall from any client
t-systems-fitz> from the network 10.8.46.0.
t-systems-fitz> A network object office is defined as,
t-systems-fitz> Network address: 10.8.46.0
t-systems-fitz> Net Mask: 255.255.255.0
t-systems-fitz> What should I do next?
t-systems-fitz> Best regards,
t-systems-fitz> --Wen
t-systems-fitz>
t-systems-fitz> =================================================
t-systems-fitz> To set vacation, Out Of Office, or away messages,
t-systems-fitz> send an email to [email protected]
t-systems-fitz> in the BODY of the email add:
t-systems-fitz> set fw-1-mailinglist nomail
t-systems-fitz> =================================================
t-systems-fitz> To unsubscribe from this mailing list,
t-systems-fitz> please see the instructions at
t-systems-fitz> http://www.checkpoint.com/services/mailing.html
t-systems-fitz> =================================================
t-systems-fitz> If you have any questions on how to change your
t-systems-fitz> subscription options, email
t-systems-fitz> [email protected]
t-systems-fitz> =================================================
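
The topology-based anti-spoofing decision discussed in this thread, as an added example that is not part of the original messages and is not Check Point's code. It is a simplified model: the function names, the dictionary layout and the sample source addresses are assumptions, and only the interface names and networks come from the thread.

```python
import ipaddress

# Constructed model of the topology quoted in the thread (names are hypothetical).
EXTERNAL_IFACES = {"eri1"}
# eri0 as first configured: "Network defined by the interface IP and Net Mask".
THIS_NETWORK = {"eri0": ["192.168.20.0/24"]}
# eri0 after the fix: "Specific" group holding both networks behind the interface.
SPECIFIC_GROUP = {"eri0": ["192.168.20.0/24", "10.8.46.0/24"]}


def antispoof_verdict(topology, in_iface, src_ip):
    """Return 'accept' or 'drop' for a packet with source src_ip arriving on in_iface."""
    src = ipaddress.ip_address(src_ip)
    if in_iface in EXTERNAL_IFACES:
        # Assumption: on the external interface a source is spoofed when it
        # claims an address that the topology places behind an internal interface.
        internal = [ipaddress.ip_network(c) for nets in topology.values() for c in nets]
        return "drop" if any(src in n for n in internal) else "accept"
    # Internal interface: the source must belong to a network defined behind it.
    allowed = [ipaddress.ip_network(c) for c in topology.get(in_iface, [])]
    return "accept" if any(src in n for n in allowed) else "drop"


def compare(in_iface, src_ip):
    """Verdicts (before, after) for the two eri0 topology definitions."""
    return (antispoof_verdict(THIS_NETWORK, in_iface, src_ip),
            antispoof_verdict(SPECIFIC_GROUP, in_iface, src_ip))


if __name__ == "__main__":
    # Constructed sample packets: (arriving interface, source address).
    samples = [("eri0", "192.168.20.10"), ("eri0", "10.8.46.25"),
               ("eri1", "10.8.46.25"), ("eri1", "200.240.2.5")]
    for iface, src in samples:
        before, after = compare(iface, src)
        print(f"{iface} {src:15} this-network={before:6} specific-group={after}")
```

In this model, adding 10.8.46.0/24 to the eri0 group both lets office hosts through eri0 and makes the same source address count as spoofed when it arrives on eri1.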