Hi, we just installed a couple of VPN-1 Edge and IP40s here. Since the management server to remotely manage them is behind a firewall, we had to NAT the management server and allow ANY to access it using the SWTP_gateway and SWTP_sms services (SofaWare stuff).
The problem is that these two services seem to allow complete access for SmartDashboard and all the other management utilities as well. So anybody is able to connect to the management server and try to hack admin usernames/passwords. Any ideas how to prevent that? I know we could restrict access to the management server to certain IP addresses with CPCONFIG, but that is not really an option because some admins are coming in through dynamic IPs with SecuRemote. Are both of the SWTP_* services really needed for Edge? Can this be "split" up somehow so that only the Edge SofaWare gets through but not the normal management? And why does the SWTP (SofaWare!) stuff allow the other Check Point management tools? Confusing...
Thanks,
Sascha
