I made a little mistake earlier by saying:
"try makin' two rules in the correct order (the negate one first:)"
this would of course override the rule below... my mistake. I lost my
head for a second there.
But if you define on the users what destinations they are allowed to connect
to, and use this rule, it would be fine. You also have to define on the Client
Encrypt | Properties | Destination - Intersect with user database, to enable
the use of destination on the users. By doing this you don't have to have
the destinations defined in the rule and could use the negate option :-)
The security of your client-vpn rules can be controlled in several places:
* users (destination/source, authentication....)
* encryption domain (by limiting to only hosts that are supposed to be
accessed)
* choice around encryption scheme
* and the specific rules
/erik