You can limit the tracker´s users privileges by creating a Profile (this
can be done when you add an Administrator within the GUI) restricting the
options to Log And Monitoring (even with Read/Only option).
I hope this helps,
Mauricio F. Muñoz Quevedo
Security Consultant
Este correo y cualquier archivo anexo son confidenciales y para uso
exclusivo de la persona o entidad de destino. Esta comunicación puede
contener información protegida por el privilegio de cliente-abogado. Si
usted ha recibido este correo por error, equivocación u omisión queda
estrictamente prohibido la utilización, copia, reimpresión, reenvió o
cualquier acción tomada sobre este correo y puede ser penalizada
legalmente. En tal caso, favor notificar en forma inmediata al remitente.
This e-mail and any files transmitted with it are for the sole use of the
intended recipient(s) and may contain confidential and privileged
information. If you are not the intended recipient, please contact the
sender by reply e-mail and destroy all copies of the original message. Any
unauthorized review, use, disclosure, dissemination, forwarding, printing
or copying of this email or any action taken in reliance on this e-mail is
strictly prohibited and may be unlawful.
"Quick, Richard A." <Richard.Quick AT UNISYS DOT COM>
Sent by: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
25/08/2005 02:24 p.m.
Please respond to
Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To
FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
cc
Subject
[FW-1] smartcenter question
Hey all,
Currently I have (4) smartcenters managing (4) different
firewalls/networks. These networks are totally isolated from one
another by a router outside the firewalls. I'd like to upgrade to NGX
in next 6 months or so but, the nokia's I have won't run NGX and I don't
have money for 4 new firewalls. I was hoping to decommission 3
smartcenters and build them as splat enforcement points. That way I
only need to buy one more server. It would also be nice to have all the
logs in one smartcenter.
I took one of the smartcenters today and made a new policy but I was
still able to see all the objects from the old policy. Is there a way
to have one smartcenter manage multiple enforcement points with
different rulebases but "agency 1" not to be able to see the objects
from "agency 2-4" when they look at their policy.
I also thought about limiting the user's abilities to Tracker. That way
they couldn't see the rules at all. Who knows what kind of political
nightmare that might stir up though?
TIA
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
