Hi,
we just installed a couple of VPN-1 Edge and IP40s here. Since the management
server to remotely manage them is behind a firewall, we had to NAT the
management server and allow ANY to access it using the SWTP_gateway and
SWTP_sms services (SofaWare stuff).
The problem is that these two services seem to allow complete access for
SmartDashboard and all the other management utilities as well. So anybody is
able to connect to the management server and try to hack admin
username/passwords.
Any ideas how to prevent that? I know we could restrict access to the
management to certain IP addresses with CPCONFIG, but that is not really an
option because some admins are coming in through dynamic IPs with SecuRemote.
Are really both of the SWTP_* services needed for Edge? Can this be "split" up
somehow so that only the EDGE sofaware gets through but not the normal
management? And why does the SWTP (SofaWare!) stuff allow the other Checkpoint
management tools? Confusing....
Thanks,
Sascha