Put server B1 or B2 on its own DMZ and then set your rules up accordingly. Are you able to move the servers to different subnets?
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 12, 2000 11:16 AM
> To: [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: [FW1] Please help: Blocking user jumping to different servers
> using telnet even if not authorized by firewall.
>
> Dear all, relating to the following schema,
>
>   NETWORK A                            NETWORK B
>
>   WORKSTATION A /------------/ FIREWALL /----------------------/ SERVER B1
>                                                       /
>                                                      / SERVER B2
>
> Firewall rule:
> from workstation A to server B1: allow
> any any : drop
>
> I am wondering about a solution to prevent a user on workstation A who is
> connected to server B1 from connecting to server B2 using telnet
> or rlogin ...
> Even if the user does not have permitted access to server
> B2 from his workstation, in my view, he can use server B1 as a
> "gateway" to server B2.
>
> Thanks for your help.
>
> Philippe.
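The pivot raised in this thread and the effect of the suggested DMZ split, modelled as an added example that is not part of the original messages. The host names, the `dmz_b2` segment name and the assumption that a user can log in onward from any host he reaches are constructed for illustration.

```python
from collections import deque

# Rule base from the post: workstation A -> server B1 allow, any any drop.
RULES = {("workstation_a", "server_b1")}

# Constructed topologies: host -> network segment behind the firewall.
FLAT = {"workstation_a": "net_a", "server_b1": "net_b", "server_b2": "net_b"}
# Suggested fix: B2 on its own DMZ (segment name is hypothetical).
SPLIT = {"workstation_a": "net_a", "server_b1": "net_b", "server_b2": "dmz_b2"}


def allowed(src, dst, segment, rules):
    """One hop src -> dst. Traffic inside a segment never crosses the
    firewall, so no rule can stop it; cross-segment traffic needs an
    explicit allow rule, otherwise the final drop rule applies."""
    if segment[src] == segment[dst]:
        return True
    return (src, dst) in rules


def reachable(start, segment, rules):
    """Hosts a user at `start` can reach by chaining telnet/rlogin hops."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for host in segment:
            if host not in seen and allowed(cur, host, segment, rules):
                seen.add(host)
                queue.append(host)
    return seen - {start}


def pivot_only(segment, rules, start="workstation_a"):
    """Hosts reachable only through an intermediate host, i.e. never
    permitted directly from `start` by the rule base."""
    direct = {h for h in segment
              if h != start and allowed(start, h, segment, rules)}
    return sorted(reachable(start, segment, rules) - direct)


if __name__ == "__main__":
    print("same subnet :", pivot_only(FLAT, RULES))
    print("B2 in DMZ   :", pivot_only(SPLIT, RULES))
```

Adding a `("server_b1", "server_b2")` entry to the rule set in the split topology reopens the path, so the rules written for the new DMZ matter as much as the subnet move.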
