I am very well aware of Provider-1 because I use it everyday. I am also very aware of the html ruleset export via checkpoint web visualization tool as well but it is not dynamic.
However, even with provider-1, to accomplish what I described earlier, I would need 20 CMAs to achieve the objective. That's a very expensive thing to do. I heard that with Stonegate firewall from Stonesoft, you can have a single SMC but the control is very granular that it CAN do what I described earlier. pkc_mls <[EMAIL PROTECTED]> wrote: cisco4ng a écrit : > I am wondering if someone can shed some lights on this. > > Let say you have SMartCenter (SMC) called SMC_X (SPLAT) > and that this SMC_X manages about 10 pairs of Nokia > firewalls and 10 pairs of SPLAT enforcement modules. > Everything is working fine. So far so good. > > There are 20 security policies to for 20 pairs of > Nokia/SPLAT enforcement modules. I would like to > do the following: > > I want to assign user_A access to the SMC with Read > only access but I only want user_A to be able to see > the log files and policy for a pair of firewall, let > say firewall_A. User_B can see log files and > security policy for firewall_B. User_A and User_B > can not see security policies and log files > for other enforcement modules other than their > respective firewalls. I am not sure if this is > possible in Checkpoint. > > this can be done, but only with provider-1. a smartcenter user or admin has access to all logs and all policies that are on the Smartcenter. if the users are not checkpoint admins, ie they don't have rights to modify the policies, you can set up html export so the users can see only what your web server allows them to see. but the only checkpoint answer to your question is provider-1. > I heard that this can be done with Stonegate > firewalls which use checkpoint technologies and > that it can accomplish what I described above. > > Any comments? Thanks. > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
