Firewall Wizards mailing list archives
Re: checkpoint authentication on external interface
From: pkc_mls <pkc_mls () yahoo fr>
Date: Mon, 24 Aug 2009 09:58:03 +0200
Francois Yang wrote:
I hope the list can help me out or point me in the correct direction. In Checkpoint R65 splat when you turn ON Manual authentication, it turns ON port 259 and 900 on both internal and external interfaces. I was wondering if there's a way to turn it OFF on one interface and still keep it on the other. An example would be if you have an edge firewall and you don't want it to be visible from the outside but still need it for other functions. I tried to create a rule that would block anything from the outside to the firewall on those ports and that did nothing. Looking in tracker also showed nothing. I can connect to the login page but I can't see any logs. Looking through the implied rules also showed nothing. So does anyone have any suggestions that would not kill my support contract? :)
Hi Frank,

Even if the daemon is listening on the port, you still have to go through the rulebase to be able to connect. You should verify if the ports are allowed either in implied or explicit rules (try to enable the logs on the implied rules for a short time to get some logs about the auth). I recommend using explicit rules and allowing only from explicit sources.

I agree it's better if the daemon accepts connections only on internal IPs, but for this you have to ask Checkpoint how to do it.
thanks
Frank
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
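Added example, not part of the original message or of any Check Point tooling: a small Python check to run from an outside host, and again from an inside host, after tightening the rulebase, to confirm that the authentication ports 259 and 900 answer only where intended. The address shown is a placeholder from the documentation range, and the function names are this example's own.

```python
import socket

# Ports named in the thread for Check Point manual authentication.
AUTH_PORTS = (259, 900)

def probe(host, port, timeout=2.0):
    """Return 'open', 'refused' (a reset came back) or 'filtered' (no answer).

    'filtered' is what a drop rule looks like from the client side;
    'refused' means the packet got through but nothing was listening."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and unreachable errors
        return "filtered"
    finally:
        s.close()

def audit(expected, ports=AUTH_PORTS, timeout=2.0):
    """expected maps a firewall interface address to True (the auth ports
    should be reachable from where this script runs) or False (they should
    not). Returns the (address, port, state) tuples that break that policy."""
    findings = []
    for addr, should_be_open in expected.items():
        for port in ports:
            state = probe(addr, port, timeout)
            if (state == "open") != should_be_open:
                findings.append((addr, port, state))
    return findings

if __name__ == "__main__":
    # Placeholder external address; run this from a host outside the firewall.
    expected = {"192.0.2.1": False}
    violations = audit(expected)
    for addr, port, state in violations:
        print(f"{addr}:{port} is {state}, which does not match the policy")
    if not violations:
        print("auth ports match the expected exposure from this vantage point")
```

Run it while logging is enabled on the implied rules, so each probe can be matched to the rule that accepted or dropped it.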