We put in a little IP120 between a manufacturing server and the internal network. The company that produced the application running on it must have pcAnywhere remote access to it. Of course, this gives them the same access to the internal network that sitting at the console would.
We setup the IP120 so the server was behind it on its own subnet and the "external" interface connected to our internal network. The rulebase only allows the server to go where it needs to on the internal network in order to perform its intended function and only on those services.
The main firewall accepts an IPSEC SecuRemote connection from their IP address and terminates it on the IP120. The IP120 lets them have their pcAnywhere access via broadband but it doesn't let them go anywhere else. It's worked out quite well, actually.
Ray
From: [EMAIL PROTECTED] Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [FW-1] use of internal firewalls Date: Tue, 9 Dec 2003 15:43:36 +0000
Hi
Anyone have any good documents on why one should use a internal firewall, or statistics on the number or organisations using internal firewalls.
This E-mail transmission may contain confidential or legally privileged information that is intended for the addressee only. E-mail communications are not necessarily secure and may be intercepted or altered after they are sent. Norwich Union International does not accept liability for any such alterations. Any views or opinions presented are solely those of the author and do not necessarily represent those of Norwich Union International. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or reliance upon the contents of this E-mail is strictly prohibited. If you have received this E-mail transmission in error, please notify the sender immediately, so that Norwich Union International may arrange for its proper delivery. Please then delete the message from your inbox. While steps have been taken to prevent computer viruses, we cannot guarantee that attachments are virus free and we would therefore advise that you make further checks as Norwich Union International are not liable to third parties for any damages resulting.
Norwich Union International Limited is supervised by the Regulatory Authorities of the Republic of Ireland.
Norwich Union International Limited 6 Georges Dock International Financial Services Centre Dublin 1 Republic of Ireland Registered No 303257 Telephone + 353 1 802 8494 Fax + 353 1 802 8400 www.nuinternational.com
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Shop online for kids� toys by age group, price range, and toy category at MSN Shopping. No waiting for a clerk to help you! http://shopping.msn.com
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
