Locking down SSH on UTM-1 Edge N



bhobson2000
2013-03-29, 16:55
I have a couple of UTM-1 Edge N devices I've recently deployed. This is my first experience with them, and I'm trying to lock down SSH. What I'd like to be able to do is use [Internal Networks + IP Address Range], but when I access this menu from Setup-->Management, I'm only allowed a single address range. I've contacted CP Support and the official word is that it is in fact a limitation of the device. Anyone have experience adding more than one address range in the CLI? The other sites we have deployed are on 2200 series, and they'll let you add multiple hosts/networks when locking down SSH in this way.

serlud
2013-03-30, 10:31
It is not possible on any Edges.
Due to performance problems with any of them, even the Edge N, with max 5mbit/s VPN and 1000 millisecond response time, just use a CP 2200 or any open server with a normal lic.

mcnallym
2013-04-03, 07:16
I've only had successful Edge deployments where there were literally a handful of people. The widest deployment was for a housing company. We would place an Edge on the end of a DSL line in the show room, and then the sales person/people would use the Edge to build a VPN back to the head office rather than use a VPN client.

As a general rule I go with: if the site has a server, then don't use an Edge device there.

Biggest pain I find with them is the debugging and troubleshooting compared to a regular Check Point SPLAT/Gaia system.

You will only be able to add either a single IP address range for SSH, HTTPS and SNMP connectivity for Management.