CPUG
The Check Point User Group
A Resource For The Check Point Community. Fast. Useful. Independent.
| Hi There, We have a Checkpoint VPN-1 Edge X device and have users connect remotely using the Checkpoint SecuRemote client. Can anyone tell me if there is a way I can specify particular users to connect ONLY to our internal Terminal Server using RDP Client and to nothing else? For example can I only allow them to connect to a specific server using port 3389? I don't want to just open port 3389 on the firewall and let anyone connect to it, I would prefer to use VPN, but I don't want these users to be able to connect to anything else. (These users are going to be remote contractors). Any ideas, Checkpoint related or not, I would certainly appreciate it! |
Hi. Yes, you can apply the restriction based on users. Make different access rules in the firewall and allow them different servers and services. Use the Simplified mode in VPN and then you can define the access rules in the firewall. I hope this will help you. Regards, Ranjit
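The per-user rules Ranjit describes only work as intended if the rulebase is ordered correctly and ends in an explicit cleanup rule. The following is an added illustration, not code from the original thread or from Check Point: a small first-match rulebase evaluator that models "contractors may reach the Terminal Server on TCP/3389 and nothing else", and also shows how a broader rule placed above the contractor rule silently shadows it. The group names, the 192.0.2.0/24 LAN and the Terminal Server address 192.0.2.10 are constructed for the example.

```python
"""Model of a first-match firewall rulebase (hypothetical, not Check Point code).

Demonstrates: a user-group rule scoped to one host and one service, an explicit
cleanup (drop everything else) rule, and the shadowing effect of a too-broad
rule placed above the restrictive one.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    user_groups: FrozenSet[str]            # empty set = any user group
    destinations: Tuple[str, ...]          # CIDR strings; "0.0.0.0/0" = any host
    services: FrozenSet[Tuple[str, int]]   # (proto, port) pairs; empty set = any
    action: str                            # "accept" or "drop"

    def matches(self, user_group: str, dst_ip: str, proto: str, port: int) -> bool:
        """True when every column of the rule matches the connection."""
        if self.user_groups and user_group not in self.user_groups:
            return False
        if not any(ip_address(dst_ip) in ip_network(net) for net in self.destinations):
            return False
        if self.services and (proto, port) not in self.services:
            return False
        return True


def evaluate(rulebase, user_group: str, dst_ip: str, proto: str, port: int):
    """First matching rule wins; nothing matching falls into the implicit drop."""
    for rule in rulebase:
        if rule.matches(user_group, dst_ip, proto, port):
            return rule.name, rule.action
    return "implicit-drop", "drop"


ANY = frozenset()
INTERNAL = "192.0.2.0/24"   # constructed example LAN (RFC 5737 documentation range)
TS = "192.0.2.10"           # constructed Terminal Server address

# Correct ordering: the narrow contractor rule first, staff next, cleanup last.
RULEBASE = (
    Rule("contractors-rdp-only", frozenset({"contractors"}), (TS + "/32",),
         frozenset({("tcp", 3389)}), "accept"),
    Rule("staff-internal", frozenset({"staff"}), (INTERNAL,), ANY, "accept"),
    Rule("cleanup", ANY, ("0.0.0.0/0",), ANY, "drop"),
)

# Common mistake: a rule for "any user -> internal LAN" above the contractor rule.
SHADOWED_RULEBASE = (
    Rule("remote-users-internal", ANY, (INTERNAL,), ANY, "accept"),
) + RULEBASE


if __name__ == "__main__":
    checks = [
        ("contractors", TS, "tcp", 3389),          # the one thing contractors may do
        ("contractors", TS, "tcp", 445),           # same host, other service: dropped
        ("contractors", "192.0.2.20", "tcp", 3389),  # other host: dropped
        ("staff", "192.0.2.20", "tcp", 445),       # staff keep full LAN access
    ]
    for group, dst, proto, port in checks:
        print(group, dst, proto, port, "->", evaluate(RULEBASE, group, dst, proto, port))
    print("shadowed:", evaluate(SHADOWED_RULEBASE, "contractors", "192.0.2.20", "tcp", 445))
```

Run it and compare the last line with the contractor results above it: with the broad rule on top, contractors reach any internal host on any port, because evaluation stops at the first match and the restrictive rule is never consulted. The same applies in a real rulebase, so check rule order and keep a cleanup rule rather than relying on the implicit drop.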
Unfortunately the Edge boxes won't accept rules from the SmartCenter with user groups in them, or certainly couldn't 6 months ago, which was the last time that I tried. If the Edge device is at the end of a site-to-site VPN with a full Check Point node, then they could connect to the central site and allow the SecureClient access down the site-to-site VPN just to the Terminal Services server. That requires the central site to be on NGX, though. Otherwise I think you will be better off just static NATting the TS and then connecting that way. Alternatively, set up a PPTP VPN on an ISA Server behind the Edge box and connect using a VPN to the ISA box.
Yeah, I thought that this might be the case. The Edge boxes aren't very detailed in the configuration area, even more so because we are not using the SmartCenter. I do like the idea of using ISA... we do have an ISA server behind our Check Point box, but it is only single-homed and only really set up as a proxy server with a few basic rules attached to it. To configure it for VPN, would the ISA server need to be multi-homed? Also, would I have to set up anything special on the Check Point device to get this to work? Thanks in advance for your help on this. I am relatively new to working with both Check Point and ISA!