Yes - it made sense now as to your question but that is not possible
as of now and I do not know if the next release will have a feature to
allow Super Users to allow login to the CMA only through MDG and not
directly. But let me understand why would you not like to allow these
users direct access to the CMA. Perhaps, your justifiable reason can
have some other answer to the issue that you have percieved or seen.
Rajeev
On Mar 30, 2005 10:05 PM, cisco4ng <cisco4ng AT yahoo DOT com> wrote:
> Let me give you an example:
>
> I have 2 users, rajeev and cisco4ng. rajeev is Provider-1 super user while
> cisco4ng is customer super user. Provider-1 ip address is 192.168.1.1. The
> CMA's ip addresses are
> 192.168.1.2, 192.168.1.3, 192.168.1.4 and up to 192.168.1.100
>
> According to checkpoint, both rajeev and cisco4ng can use Provider-1 MDG to
> connect
> to 192.168.1.1. Furthermore, rajeev and cisco4ng can use the smart dashboard
> to correct
> to 192.168.1.2 through 192.168.1.100 independently as they wish.
>
> This is what I would like to see being done. I don't want rajeev and
> cisco4ng to connect directly to the CMA using the smart dashboard. I want
> both of these users to connect to
> provider-1 first using Provider-1 MDG. After that, users can "right-click"
> on the CMA and
> open it with smart dashboard. That is the only way they can access the CMA.
> I don't want
> them to connect directly to the CMA without using MDG to connect to
> Provider-1 first.
>
> Does that make sense?
>
>
> Rajeev Gupta <rgup14 AT GMAIL DOT COM> wrote:
> I am not sure if I have understood your question correctly but let me
> add that CMA SDB can be accessed/not accessed independent of MDG. But
> if a user is a P-1 Super User or Customer Super User, he should be
> able to access the CMA SDB - so ensure that the user or the GUI client
> is not configured to access the CMA or MDG to prohibit user from
> logging into the CMA SDB.
>
> The above may not answer your actual question that you have in mind.
> If you can kindly clarify more, we can discuss more.
>
> Rajeev
>
> On Wed, 30 Mar 2005 10:33:16 -0800, cisco4ng wrote:
> > Gurus,
> >
> > Is it possible to probhibit users from logging directly into the CMA via
> > smartdashboard without
> > first logging into Provider-1 via the MDG? I suspect the answer is no
> > because Provider-1 is listening on tcp port 18190 for both the leading
> > interface and the virtual CMA's IP.
> >
> > I would think that it can be done since checkpoint can check for the
> > workstation's IP that launches SmartDashboard also already has a tcp
> > connection with Provider-1 "leading" IP
> > via the MDG. That shouldn't be too hard right?
> >
> > Any comments?
> >
> > cisco4ng
> >
> > ---------------------------------
> > Do you Yahoo!?
> > Make Yahoo! your home page
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > fw-1-owner AT ts.checkpoint DOT com
> > =================================================
> >
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! Small Business - Try our new resources site!
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
