Firewall-1

Re: [FW-1] SecureCLient

Subject: Re: [FW-1] SecureCLient
From: Jason Cameron <jasonc AT FIN-X DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 23 Apr 2004 06:23:35 +0200
I am in traditional mode. What do you suggest, as user groups are only allowed
in authentication rules?
tks


-----Original Message-----
From: Ray Pesek [mailto:sixsigma44 AT HOTMAIL DOT COM]
Sent: Thursday, April 22, 2004 6:10 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SecureCLient


For Source, use "Add User Access" and specify the user group on FW-1 that
contains the IDs of the SecureClient users. The user group name will then
show up in the Source column.

In R55, the "VPN" cell of the rule should be "RemoteAccess"

Ray


>From: Jason Cameron <jasonc AT FIN-X DOT COM>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: [FW-1] SecureCLient
>Date: Thu, 22 Apr 2004 07:10:12 +0200
>
>I have a nokia ip 330 cluster with NG AI. My clients are connecting via
>secureclient to create the vpn to connect to the network.
>
>I have two rules which concern me
>
>1. any > fwcluster > echorequest, echoreply > accept > log
>This is to allow secureclient keepalives. Since I don't know their IPs
>(dialup or leased), is this a security risk?
>
>2.
>any>fwcluster>fw1_topo,fw1_key,ike<ike_tcp_fw1_pslogon_ng,tunneltest,fw1_scvkeepalive>accept>log.
>
>
>The clients either dial via isp or connect through their leased lines. My
>problem is with the "any" as the source. Are there any security risks,
>and how do I overcome the Secureclient problem of needing keepalives to allow
>the firewall to know the connection is still open?
>Has anybody got a working example of their rules?
>tks
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
