Hi Christian,
you still have VPN version - so use it!
Look for certificates, keys and so on ;-)
Regards,
Christian Betz
System Engineer
eSecurity Solutions
Prodacta Systemhaus GmbH
Pforzheimer Str. 160 Fon: +49 (0) 7243 382 308
D-76275 Ettlingen Fax: +49 (0) 7243 382 107
Germany Mob: +49 (0) 172 7278924
http://www.prodacta.de
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, 13 August 2001 16:12
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: AW: [FW1] GUI cannot connect to server
Hi,
1. I wonder if you use the dynamic IP assigned from your ISP to connect
to your Firewall with ssh. That means you must have a rule like
any---your_FW---ssh---accept, which I would consider as a huge security
risk. Are you checking HostKeys at all ??
2. You can manage your firewall by adding a rule like
any---your_FW---FW_mgmt---accept which I would consider an even bigger risk.
I don't want to offend you, but your company IS selling IT Security
consultancy. Are you leaving the companies you advise with such big risks ?
We have had that a few weeks ago on this list ::: the fact that some people
do dare selling security as soon as they can spell the word FIREWALL
correctly.
--Joerg
-----Original Message-----
From: Christian Maxeiner [mailto:[EMAIL PROTECTED]]
Sent: Friday, 10 August 2001 11:06
To: [EMAIL PROTECTED]
Subject: [FW1] GUI cannot connect to server
I have a big problem connecting to our FW1 with the fwpolicy gui.
We have Check Point VPN-1 Version 4.1 Build 41716 [VPN + DES +
STRONG] installed on a HP-UX Platform. The Management-Module is on the same
server.
The idea is to manage the FW with a gui from my home office by accessing the
FW with ssh, adding the IP-address my ISP has given me to the gui-clients
file and connect with the gui.
But when I add my IP to gui-clients file and try to connect with gui, the
gui says "cannot connect to server".
I have a gui installed on a client in my office at work which works fine.
Even if I want to add a new client in my office at work, the new gui client
says it cannot connect to server.
I have the implied rules activated and when I look in fwlog I can see that
my request is dropped by the firewall with the rule "any -- firewall --
any -- drop" which is one of my last rules. When I allow the new client to
connect with service "FW mgmt" explicitly in a new rule it works fine, but
this can't be my solution because I want to connect to the firewall from my
home office with changing ip-addresses. So the only way for me is to add the
client's ip to the gui-clients file.
Has anybody heard about this strange behaviour ?
Thanks in advance for answering me
Christian Maxeiner
[EMAIL PROTECTED]
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====