CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have 52 attendees signed up from 14 countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > SmartDashboard
Reload this Page X-windows Session.
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-07-12
humayun humayun is offline
Senior Member
  
Join Date: 2006-01-30
Posts: 101
Rep Power: 3
humayun has an average reputation (10+)
Default X-windows Session.
I have some users who would like to use X-windows session between a unix/linux machine and their windows XP machine. What are the ports I would need to open up in order for this to work?

Thanks in advance.
__________________
Systems Engineer
Reply With Quote
  #2 (permalink)  
Old 2006-07-13
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: X-windows Session.
Do you try to add rule with allowing tcp service X11 (X Window System - 6000-6063)?
Reply With Quote
  #3 (permalink)  
Old 2006-07-13
humayun humayun is offline
Senior Member
  
Join Date: 2006-01-30
Posts: 101
Rep Power: 3
humayun has an average reputation (10+)
Default Re: X-windows Session.
Actually i did try to add that using ports 6000-6063 and I also added these ports for Xsession 6000-6250

Its no longer getting dropped in my logs but its still but authenticating the session.

- Humayun
__________________
Systems Engineer
Reply With Quote
  #4 (permalink)  
Old 2006-07-14
Sergej Sergej is offline
Senior Member
  
Join Date: 2005-11-21
Location: Europe, Lithuania
Posts: 291
Rep Power: 3
Sergej has an average reputation (10+)
Default Re: X-windows Session.
X11 is not included to the ANY port definition. You can change this behavior by going to "Advanced Configuration" (last button in last menu under Global Properties) and removing check-mark on the Firewall-1>StateFullImspection for the 'reject_x11_in_any'

P.S. You can also use dbedit if you cool enough :)
Reply With Quote
  #5 (permalink)  
Old 2006-07-14
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: X-windows Session.
Quote:
Sergej
X11 is not included to the ANY port definition. You can change this behavior by going to "Advanced Configuration" (last button in last menu under Global Properties) and removing check-mark on the Firewall-1>StateFullImspection for the 'reject_x11_in_any'

P.S. You can also use dbedit if you cool enough :)
You right, but if in rule it uses definite service, i think, this configuration isn't importance.
Reply With Quote
  #6 (permalink)  
Old 2006-07-14
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: X-windows Session.
Quote:
Originally Posted by humayun
Actually i did try to add that using ports 6000-6063 and I also added these ports for Xsession 6000-6250

Its no longer getting dropped in my logs but its still but authenticating the session.

- Humayun
Do you see anything in log on linux server?
Reply With Quote
  #7 (permalink)  
Old 2006-08-18
humayun humayun is offline
Senior Member
  
Join Date: 2006-01-30
Posts: 101
Rep Power: 3
humayun has an average reputation (10+)
Default Re: X-windows Session.
I cant find the Option you mentioned in my NGX (R60) SmartDashboard.

Do you know where precisely its at?
__________________
Systems Engineer
Reply With Quote
  #8 (permalink)  
Old 2006-08-18
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: X-windows Session.
Use GuiDBEdit for editing.
But it isn't necessarily. You need to edit "reject_x11_in_any" only if you want to allow X11 through Any services. If you explicitly add rule for service X11, it should work.

"X11

X11 connections are not allowed through service 'Any'. All services of type 'Other' and X11 (which is a very special case) require a specific rule, since these services run specific INSPECT code, and are not just 'Accepted'. In order to allow X11 connections, either add a rule that explicitly allows X11 connections, or use Check Point's Database Tool (GUIDbEdit) to set the value of the attribute reject_x11_in_any to 'false'."

http://secureknowledge.checkpoint.co....do?id=sk27124
http://secureknowledge.checkpoint.co....do?id=sk24600
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 07:35.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0