CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have 52 attendees signed up from 14 countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Topology Issues
Reload this Page Access rule for guest network
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-07-26
immen immen is offline
Junior Member
  
Join Date: 2006-12-08
Location: Helsinki
Posts: 13
Rep Power: 0
immen has an average reputation (10+)
Default Access rule for guest network
Hi,
I'm trying to setup guest network and is there any efficient way to create access rule? I want that only http is allowed to the internet (all addresses behind the external interface). Do I have to first create drop rule for all internal addresses and after that accept traffic from guest network to <any> useing http protocol? Can I some how define external interface into rule?

Any advices?

Thanks,
Jani
Reply With Quote
  #2 (permalink)  
Old 2007-07-30
mcnallym mcnallym is offline
Senior Member
  
Join Date: 2007-06-04
Posts: 983
Rep Power: 2
mcnallym has an average reputation (10+)
Default Re: Access rule for guest network
What you need to do is negate the rule.

To do this create a group that contains all of the private networks that are included in your own network, this includes internal and DMZ networks.

Then write the rule as

src = guest_network
dst = newgroup

Then right click in the destination coloum and select the negate cell.

What this does is create a rule that allows the guest access anywhere other then your internal and dmz networks
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 04:02.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0