I have a Nokia IP 330 cluster with NG AI. My clients are connecting via
SecureClient to create the VPN to connect to the network.
I have two rules which concern me:
1. any>fwcluster>echorequest>accept>log
This is to allow SecureClient keepalives, since I don't know their IPs
(dialup or leased). Is this echoreply a security risk?
2. any>fwcluster>fw1_topo,fw1_key,ike<ike_tcp_fw1_pslogon_ng,tunneltest,fw1_scvkeepalive>accept>log.
The clients either dial via ISP or connect through their leased lines. My
problem is with the "any" as the source. Are there any security risks,
and how do I overcome the SecureClient problem of needing keepalive to allow the
firewall to know the connection is still open?
Has anybody got a working example of these rules?
tks