If this is really a completely standalone setup, why not just turn off
the implied rules that allow gui clients to attach to the management
station, then add back a first rule that allows the box to connect to
itself (if necessary) to gui locally?
IOW, in Dashboard, go to Policy menu, then Global Properties. On
Firewall-1 section, uncheck "Accept VPN-1 & Firewall-1 control
connections". Keep "Accept outgoing packets originating from gateway"
just in case the standalone setup needs it to connect GUIs to itself.
Then push the policy.
Mateo Cabrera wrote:
SHANE:
No, my friend... my customer is very strange... and so my solution must be
strange...!!!
I cannot make him understand that this makes no sense, but... the customer is
the customer... and he wants me to "remove" or "cut" some files to prevent
the access.
Perhaps he fears that somebody will steal the machine from him... and can
read the rules... or something... hehehe
So... I only want to "cut" some files from the "conf" folder, and I need to
know which ones they are.
I remind you... in R54, if I move the "rulesbase" and "object_5_0.C" files,
I achieve what I want, but in R55 it does not work.
Regards,
Mateo Cabrera - Soporte Tecnico
Security Advisor
www.sadvisor.com
-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On behalf of Shane
Presley
Sent: Monday, September 20, 2004 14:31
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] CONF Folder difference...?
Why not just not list their IP in GUI-CLIENTS? Just put a fake IP in
there, so you can't connect from any host?
Shane
On Fri, 17 Sep 2004 14:37:21 -0300, Mateo Cabrera <mcabrera AT sadvisor DOT com>
wrote:
Does anybody know if there is any difference between the "$FWDIR/conf"
folder in R54 and R55? (On a STAND ALONE SecurePlatform environment.)
The question is because if I try to remove the files rul* and obj*
(in the "conf" folder) on R54, I can deny access to the FW-1 via GUI
clients, and that is what I want...!!! (It is a customer requirement.)
However, in R55 I try to remove the same files but I continue to get access
via GUI clients.
?????????
Regards,
Mateo Cabrera - Soporte Tecnico
Security Advisor
www.sadvisor.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================