There are a number of unix-based and NT-based application servers on the
internal network. They are so special that the vendor needs to access these
servers from the Internet to troubleshoot and support, when needed.
The following are proposed "solutions", your comments/suggestions are
appreciated.
1) SSH for Unix-based servers
2) VNC for NT-based servers
3) VPN for both Unix and NT servers.
In these cases, we need to drill a number of holes on the firewall to allow
port 22, 5900 and/or 50 to pass through. We want the "vendor" to be
authenticated by Check Point Firewall-1 before allowing them to come in and
then access ONLY those servers.
The rule would be

  src         dst                         service   action
  vendor-ip   encryption-domain-x         50        client-auth
              (consists of the IPs of
               the unix/nt servers)
Would such a "design" pose any security risk to us?
Any comments/suggestions are appreciated.
Dave
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
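The question above comes down to whether the single client-auth rule really limits the vendor to the listed servers and services and nothing else. The following is an added example, not code from the original post or from Check Point: a small top-down rulebase evaluator in Python that models the proposed rule (vendor source, the encryption-domain destination set, the SSH/VNC/ESP services, client-auth action) with an implicit drop at the end, so you can check which source/destination/service combinations get through once the vendor has authenticated. All addresses are constructed sample values, and "esp" is modelled as IP protocol number 50 rather than a TCP port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample addresses; none of these come from the original post.
VENDOR = [ipaddress.ip_network("203.0.113.10/32")]          # vendor's Internet address (assumed)
ENCRYPTION_DOMAIN = [ipaddress.ip_network("10.0.5.10/32"),  # the unix/NT application servers (assumed)
                     ipaddress.ip_network("10.0.5.11/32")]

# Service objects as (protocol, number). "ip"/50 is IPsec ESP, an IP protocol number, not a TCP port.
SERVICES = {"ssh": ("tcp", 22), "vnc": ("tcp", 5900), "esp": ("ip", 50)}


@dataclass
class Rule:
    name: str
    src: List[ipaddress.IPv4Network]
    dst: List[ipaddress.IPv4Network]
    services: Set[str]
    action: str  # "client-auth", "accept" or "drop"


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "ip" (raw IP protocol)
    number: int                  # destination port, or protocol number when proto == "ip"
    authenticated: bool = False  # True once the source has passed firewall client authentication


def service_name(pkt: Packet) -> Optional[str]:
    """Map a packet's protocol/number onto one of the named service objects, if any."""
    for name, (proto, number) in SERVICES.items():
        if (proto, number) == (pkt.proto, pkt.number):
            return name
    return None


def in_any(addr: str, nets: List[ipaddress.IPv4Network]) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Walk the rulebase top-down; the first matching rule decides, with an implicit drop at the end."""
    svc = service_name(pkt)
    for rule in rules:
        if not in_any(pkt.src, rule.src) or not in_any(pkt.dst, rule.dst):
            continue
        if svc not in rule.services:
            continue
        if rule.action == "client-auth":
            # Client auth gates the connection on a prior per-user authentication at the firewall.
            return "accept" if pkt.authenticated else "auth-required"
        return rule.action
    return "drop"  # implicit cleanup rule: anything not explicitly allowed is dropped


# The proposed rule from the post, expressed against the sample objects above.
RULEBASE = [
    Rule("vendor-support", VENDOR, ENCRYPTION_DOMAIN, {"ssh", "vnc", "esp"}, "client-auth"),
]


def audit_vendor_reach(rules: List[Rule], src: str = "203.0.113.10",
                       candidates=("10.0.5.10", "10.0.5.11", "10.0.9.9")) -> Dict[str, str]:
    """Which candidate internal hosts an authenticated vendor could reach over SSH."""
    return {h: evaluate(rules, Packet(src, h, "tcp", 22, authenticated=True)) for h in candidates}


if __name__ == "__main__":
    for host, verdict in audit_vendor_reach(RULEBASE).items():
        print(f"{host}: {verdict}")
```

The audit helper is the part worth keeping around: run it against every internal host you care about, and any host outside the encryption domain that comes back as anything other than "drop" means the destination object is wider than intended. The same check with a non-vendor source address confirms that the rule does not open the services to the rest of the Internet.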