Get the boss to arrange with whatever ISP (or even better - the LAN he is
attaching to in Calif.) for a FIXED IP address for the day and advise you
accordingly so that you can build a rule to allow access accordingly -
being sure to only allow appropriate services (only those needed to
demonstrate Intranet) and set only for certain times of day.

Agree a time when you will delete the rule.

Let the boss know the setup exactly and the associated risks.


None of the above is ideal but if the boss insists..... ;-)


Tim Higgins
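
The exception described in the message above (one fixed source address, only the services the demo needs, a time-of-day window, an agreed deletion time) can be checked mechanically before and after it goes live. This is an added example, not part of the original thread and not FireWall-1 syntax; the `TempRule` model, the allowed-port set, and the sample address and dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass
class TempRule:                 # hypothetical model of a temporary allow rule
    source: str                 # CIDR of the agreed fixed address
    services: frozenset         # destination TCP ports the demo needs
    window: tuple               # (start, end) time of day the rule is active
    expires: datetime           # agreed moment the rule is deleted

def lint(rule, now, allowed_services=frozenset({80, 443})):
    """Return findings that make the exception broader than agreed.
    The default allowed_services set is an assumption (web access only)."""
    findings = []
    if ip_network(rule.source, strict=False).num_addresses != 1:
        findings.append("source is not a single fixed address")
    extra = rule.services - allowed_services
    if extra:
        findings.append(f"unneeded services: {sorted(extra)}")
    start, end = rule.window
    if start >= end:
        findings.append("time window is empty or wraps midnight")
    if now >= rule.expires:
        findings.append("rule is past its agreed deletion time")
    return findings

def permits(rule, src, port, when):
    """Would the rule admit this connection attempt?"""
    start, end = rule.window
    return (when < rule.expires
            and ip_address(src) in ip_network(rule.source, strict=False)
            and port in rule.services
            and start <= when.time() <= end)

# Constructed samples: documentation address, HTTP only, 09:00-17:00,
# deletion agreed for 18:00 on the day of the demo.
DEMO = TempRule("203.0.113.10/32", frozenset({80}),
                (time(9), time(17)), datetime(2000, 7, 20, 18, 0))
# The kind of rule the thread warns against: any source, extra service, all day.
LOOSE = TempRule("0.0.0.0/0", frozenset({80, 23}),
                 (time(0), time(23, 59)), datetime(2000, 7, 20, 18, 0))

if __name__ == "__main__":
    print(lint(DEMO, datetime(2000, 7, 20, 10, 0)))
    print(lint(LOOSE, datetime(2000, 7, 21, 10, 0)))
```

Running `lint` again after the agreed deletion time is the check that catches a temporary rule nobody removed.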



                                                                                       
                                                   
"Pellowski, Tom" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
16/07/00 20:08

To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "fw-1-mailinglist@lists. us. checkpoint. com (E-mail)" <[EMAIL PROTECTED]>
cc:
Subject: RE: [FW1] Ideas?






I would have loved to have that happen. I already hit with that...but it
fell upon deaf ears.
Basically, I told him why even have a FW if you want to do this nonsense...

Oh well.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, July 15, 2000 20:12
To: [EMAIL PROTECTED]
Subject: RE: [FW1] Ideas?
Importance: High


Even client auth has its limits. Tell your boss to forget it, the security
risks (especially not knowing the source addresses) far outweigh everything
else.

Thomas Poole

-----Original Message-----
From: Pellowski, Tom [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 14, 2000 4:22 PM
To: fw-1-mailinglist@lists. us. checkpoint. com (E-mail)
Subject: [FW1] Ideas?



Hi all:

I have just been handed something that I do not know if it is possible.

Here's the situation. Big boss is traveling to California to show the other
big bosses what the programmers have done to the intranet.

Boss wants to be able to come from the outside thru the FW and look at the
intranet.

Problem: We have not deployed secure-remote. (Never been a need, and it is
not installed on the FW)
Problem: Getting in has to be as "transparent as possible to the user".
(yeah, right)

Could client authentication handle access to a host inside and nat it to the
outside?

Thanks in advance.

Tom


============================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================

