Re: [FW-1] SecureCLient

Subject:	Re: [FW-1] SecureCLient
From:	Russell Aspinwall <russell.aspinwall AT FLOMERICS.CO DOT UK>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Fri, 23 Apr 2004 07:06:27 +0100

I have a group SecurIDusers which contains the generic user, when SecureClient 
users connect they
are authenticated via the Ace Server, so a single user is only required in the 
group.


Jason Cameron wrote:

I am in traditional mode. What do you suggest as user groups are only allowed 
in authentication rules
tks

-----Original Message-----
From: Ray Pesek [mailto:sixsigma44 AT HOTMAIL DOT COM]
Sent: Thursday, April 22, 2004 6:10 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] SecureCLient

Foir Source, use "Add User Access" and specify the user group on FW-1 that
contains the IDs of the SecureClient users. The user goup name will then
show up in the Source column.

In R55, the "VPN" cell of the rule should be "RemoteAccess"

Ray

From: Jason Cameron <jasonc AT FIN-X DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] SecureCLient
Date: Thu, 22 Apr 2004 07:10:12 +0200

I have a nokia ip 330 clust with NG AI. My clients are connecting via
secureclient to create the vpn yo connect to the network.

I have two rules which concern me

1 . any >fwcluster>echorequest>accept>log   This is to allow secureclient
keepalives ---- Since I don't know there ip's ( dialup or leased) -- Is
this
                           echoreply
a security risk ?.

2.
any>fwcluster>fw1_topo,fw1_key,ike<ike_tcp_fw1_pslogon_ng,tunneltest,fw1_scvkeepalive>accept>log.


The clients either dial via isp or connect through there leased lines. My
problem is with the " any " as the source. Are there any security risks
and how to I overcome Secureclient problem of needing keepalive to allow
the firewall to know the connection is still open !
Has anybody got a working example of there rules ?
tks

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================



_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page - FREE
download! http://toolbar.msn.com/go/onm00200413ave/direct/01/

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] SecureCLient, Jason Cameron Re: [FW-1] SecureCLient, Ray Pesek Re: [FW-1] SecureCLient, Jason Cameron Re: [FW-1] SecureCLient, Russell Aspinwall <= [FW-1] SecureClient, Neil Kemp Re: [FW-1] SecureClient, Joe Pope Re: [FW-1] SecureClient, Previtera, Sal Re: [FW-1] SecureClient, Neil Kemp Re: [FW-1] SecureClient, Jeffrey Rogers Re: [FW-1] SecureClient, Neil Kemp

Previous by Date:	Re: [FW-1] NG FP3 - Smart View Tracker log times an hour behind!, Naseer Inamdar
Next by Date:	[FW-1] How can I change NIC model since Secureplatform was installed, Kingsley Chu
Previous by Thread:	Re: [FW-1] SecureCLient, Jason Cameron
Next by Thread:	[FW-1] SecureClient, Neil Kemp
Indexes:	[Date] [Thread] [Top] [All Lists]