General discussion

Checkpoint Firewall Software

By rc2151
We have a Sun system running Checkpoint Firewall software. Our problem is that we would like to be able to allow some of our hardware and software techs to access our local intranet from the internet. We have a T1 connection to the internet.

Checkpoint Firewall Software

by compaqer In reply to Checkpoint Firewall Softw ...

It's not clear what level of detail you are asking for, but here goes....

1) Log on to the security policy editor at the shell with something like the following:

cd $FWDIR/bin
./fwpolicy

Enter the username & password for the firewall when prompted.

2) Click one of the "add rule" buttons. (I can't tell you whether to add it before or after. The rules are order sensitive, so it depends on what other rules are already in place. Put it before the stealth rule or the cleanup rule.)

3) Define an "external host" rule. This will enable a specific remote host to get inside your firewall.

You can control whether the connection is restricted to a specific internal machine, or all machines inside your firewall. You can also restrict the connection to FTP or HTTP or TCP, etc.

----------------------------------------
The problem with the preceding solution is that your techs may be doing sensitive things over the network, using privileged passwords, accessing confidential data. Thi

Checkpoint Firewall Software

by rc2151 In reply to Checkpoint Firewall Softw ...

The question was auto-closed by TechRepublic

Checkpoint Firewall Software

by compaqer In reply to Checkpoint Firewall Softw ...

(answer #1 continued)
----------------------------------------
The problem with the preceding solution is that your techs may be doing sensitive things over the network, using privileged passwords, accessing confidential data. This all passes over the internet in clear text. Bad situation.

Alternatively, you could use the VPN feature of the Checkpoint Firewall to provide a Virtual Private Network connection between your techs and your intranet. This provides privacy by encryption. This will require a little more effort to set up, but is the only prudent course of action in most business situations.

Good luck,
Jerry
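
The rule-order point in the answer above, as an added example that is not part of the original thread and is not Check Point code: a simplified first-match rule base in Python showing that an accept rule placed after the cleanup rule never fires. The rule format, rule names and addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR; ANY matches every source
    dst: str      # CIDR; ANY matches every destination
    service: str  # "any" or a service name such as "http"
    action: str   # "accept" or "drop"

def first_match(rules, src, dst, service):
    """Evaluate top-down; the first matching rule decides the packet's fate."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.service in ("any", service)):
            return r
    return None

def covers(a, b):
    """True if every packet rule b can match is also matched by rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.service in ("any", b.service))

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [b.name for i, b in enumerate(rules)
            if any(covers(a, b) for a in rules[:i])]

# Constructed sample rules: firewall at 192.0.2.1, one remote tech host,
# one intranet server reachable over a single service.
STEALTH = Rule("stealth", ANY, "192.0.2.1/32", "any", "drop")
CLEANUP = Rule("cleanup", ANY, ANY, "any", "drop")
TECH = Rule("tech-access", "203.0.113.10/32", "10.1.1.20/32", "http", "accept")

BEFORE_CLEANUP = [TECH, STEALTH, CLEANUP]   # placement the answer recommends
AFTER_CLEANUP = [STEALTH, CLEANUP, TECH]    # rule appended at the bottom

if __name__ == "__main__":
    for label, rb in (("before", BEFORE_CLEANUP), ("after", AFTER_CLEANUP)):
        hit = first_match(rb, "203.0.113.10", "10.1.1.20", "http")
        print(label, "->", hit.name, hit.action, "| shadowed:", shadowed(rb))
```

Running the same shadow check over an exported rule list before installing a policy catches rules that look present but are dead, and confirms that only the named host and service are let through.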

Checkpoint Firewall Software

by rc2151 In reply to Checkpoint Firewall Softw ...

The question was auto-closed by TechRepublic

Checkpoint Firewall Software

by firewaller In reply to Checkpoint Firewall Softw ...

Let the firewall be a firewall. That is what you paid the money for... If you want your techs to access the intranet, go for a RAS or extranet solution with encryption.

Checkpoint Firewall Software

by rc2151 In reply to Checkpoint Firewall Softw ...

The question was auto-closed by TechRepublic

Checkpoint Firewall Software

by rc2151 In reply to Checkpoint Firewall Softw ...

This question was auto closed due to inactivity
