Hi Alan,
In the VPN-1 manual (PDF file), check out the ipassignment.conf file. If
you're using SecureClient and Office Mode, you can assign a particular
Office Mode IP address to a particular user account. Then you can add that
Office Mode IP address as a GUI client. Works on a Windows management
station, so it should work on a SPLAT box.
Ray
From: Alan Choyna <achoyna AT PATHF DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] SmartDashboard R55 keeps timing out, and VPN connect.
Date: Fri, 17 Sep 2004 07:44:51 -0500
We're just built a management server running splat and R55 HF04 and it
seems our ssh and SmartDashboard sessions times out after after less than 2
minutes of inactivity (sometimes less).
This is a real pain as it locks us out of the SmartDashboard, because it
still thinks the previous session is using it, and we have to do a cpstop
and cpstart to get rid of the lock (why isn't there a lock file we just
remove as in 4.1?)
Is there any way to modify the time out limits for all sessions (including
ssh)?
Another question is how can we connect to the SmartDashboard from the
outside of the FW via VPN? Since the management station is on its own DMZ l
could just allow "*" (anyone) to access it in the user access area of the
management station web interface, and then filter using some firewall
rules, but l wonder if there is a way to allow VPN access from whichever ip
you want to be in that user ip section of the web interface.
Thanks in advance,
Alan
Alan C. Choyna
Senior Consultant
Pathfinder Associates, LLC
<http://www.pathfinderassoc.com/>http://www.pathfinderassoc.com
Internet Strategy Business Consultants
<mailto:achoyna AT pathfinderassoc DOT com>mailto:achoyna@pathf<mailto:achoyna AT
pathfinderassoc DOT com>.com
Business telephone (312) 372-1058. Mobile (773) 255-6662
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
