Hi guys,
I'm on Checkpoint ver 4.1 Build 41437
When you want to restrict a user group to an IP range that you created, all
network objects except for IP Range is listed. Also if you try to add the IP
range to a new group once again you don't see IP ranges listed among the
list of Network Objects.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 31, 2001 1:39 PM
To: joe
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [FW1] Address Range as part of Security Police?
Checkpoint Version 4.1 Build 41862
Daniel Fang
Joe Delsol
<joe@siegewor To: "Daniel.Fang"
<[EMAIL PROTECTED]>
ks.com> cc: fhagelsieb
<[EMAIL PROTECTED]>, fw-1-mailinglist
<[EMAIL PROTECTED]>, jaime
08/31/2001 <[EMAIL PROTECTED]>, RBHATIA
<[EMAIL PROTECTED]>
01:33 PM Subject: Re: [FW1] Address
Range as part of Security Police?
Please
respond to
joe
In the Source field you should be able to "right click"
select "Add User Access"
select a group
in the location section "Restrict Access"
select your network object
click "OK"
What do you see when you attempt this?
What version are you on?
JOe
[EMAIL PROTECTED] wrote:
>I'd like to follow up this issue because I have same experience. It is a
>disadvantage for checkpoint to create a object with range of ip but it
>doesn't show up when you want to add it.
>
>Daniel Fang
>
>
>
>
>
>
> Joe Delsol <[EMAIL PROTECTED]>
> Sent by: owner-fw-1-mailinglist To:
RBHATIA <[EMAIL PROTECTED]>
> <[EMAIL PROTECTED] cc:
"'Fernando Hagelsieb C.'" <[EMAIL PROTECTED]>, Velasquez
> point.com> Venegas
Jaime Omar <[EMAIL PROTECTED]>, "FW1-MailingList (E-mail)"
>
<[EMAIL PROTECTED]>
> Subject:
Re: [FW1] Address Range as part of Security Police?
> 08/29/2001 01:14 PM
> Please respond to joe
>
>
>
>
>
>
>Are you trying to create a Site-to-site VPN or a client VPN with
>secuRemote/Client?
>
>Off the top of my head, I'd guess that you are wanting a client VPN, since
>it does not seem likely that the remote site would for sitte-to-site would
>use a dynamic range of addresses.
>
>For the client VPN you would not normally restrict the source address at
>all.. although you could if you wanted to..
>Create the user
>Create a group for this VPN access
>Add user to Group
>Create rule:
>Source: add user access and you could restrict to the address range if you
>wish
>Destination: allowed servers/networks
>Service: what you expect
>Action: Client Encrypt
>
>Is this what you were after?
>
> Joe
>
>
>RBHATIA wrote:
> I'm trying something similar but I wasn't sure if this what you were
> talking
> about.
> I need to add a rule that will allow a VPN user access to one server
> in my
> network. That VPN user will be coming in from a range of IP's (this
> range is
> a consecutive range but includes approximatly 15 addresses). I
created
> a
> Range for these IP address but when I try to create the new VPN user
> and
> restrict access to SOURCE from the above range I only see
Workstations
> and
> Groups (no Ranges are listed in available sources).
> Please advise.
>
> -----Original Message-----
> From: Fernando Hagelsieb C. [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 13, 2001 10:55 AM
> To: Velasquez Venegas Jaime Omar; FW1-MailingList (E-mail)
> Subject: Re: [FW1] Address Range as part of Security Police?
>
>
>
> Hi:
>
> Maybe you can try using a Network object or group instead of usin
> g address
> range.
>
> I know that's not a good solution but I think It's an util workaround
> and
> you wont have any trouble about it.
>
> Maybe another person has resolved this issue on a more elegant way,
> that's
> only one suggestion.
>
>
> ----- Original Message -----
> From: "Velasquez Venegas Jaime Omar" <[EMAIL PROTECTED]>
> To: "FW1-MailingList (E-mail)"
> <[EMAIL PROTECTED]>
> Sent: Friday, August 10, 2001 6:05 PM
> Subject: [FW1] Address Range as part of Security Police?
>
>
> Is there a way to insert an address range object into a
rulebase,
> say in
> Source field of security policy?
>
> Jaime O.
>
>
>
>
============================================================================
>
> ====
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
>
>
============================================================================
>
> ====
>
>
>
>
>
============================================================================
>
> ====
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
>
> ====
>
>
>
============================================================================
====
>
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
>
>
>
>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
