CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: SSH connection

  1. #1
    Join Date
    2009-11-06
    Posts
    4
    Rep Power
    0

    Default SSH connection

    Dear All!

    I have a pretty old Solaris box running CheckPoint FW-1 4.1. After a hardware crash I reinstalled it and found that everything works fine... except one thing: I cannot get any access to the gateway (neither ssh nor telnet) except via the console.

    I have been trying to write some cunning rules but all in vain. Google doesn't help me. Any clues?

    Many thanks, Dmitry.

  2. #2
    Join Date
    2006-07-28
    Location
    San Francisco, USA
    Posts
    2,494
    Rep Power
    16

    Default Re: SSH connection

    No access because those services aren't running, or because the firewall is stopping you?

    If you're on the same network as the box, and you try to telnet to it, or SSH, do you get an immediate reject, or does it time out?

    You're lucky you got the box rebuilt at all - it's hard to get hold of the 4.1 software these days.

  3. #3
    Join Date
    2009-11-06
    Posts
    4
    Rep Power
    0

    Default Re: SSH connection

    Sorry for omitting this.

    Service is running:
    Code:
    bash-2.05b# telnet localhost 22
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    SSH-2.0-OpenSSH_5.3
    Connection from the workstation times out:
    Code:
    bash-2.05b# snoop -d hme0 port 22
    Using device /dev/hme (promiscuous mode)
    106.109.1.109 -> firewall     TCP D=22 S=3724 Syn Seq=3798418643 Len=0 Win=65535 Options=<mss 1460,nop,wscale 3,nop,nop,sackOK>
    106.109.1.109 -> firewall     TCP D=22 S=3724 Syn Seq=3798418643 Len=0 Win=65535 Options=<mss 1460,nop,wscale 3,nop,nop,sackOK>
    106.109.1.109 -> firewall     TCP D=22 S=3724 Syn Seq=3798418643 Len=0 Win=65535 Options=<mss 1460,nop,wscale 3,nop,nop,sackOK>
    The connection passes once I execute 'fw unload'.

    106.109.1.109 listed in the gui-clients.
    Last edited by resident; 2009-11-09 at 02:57. Reason: typo

  4. #4
    Join Date
    2007-06-04
    Posts
    3,312
    Rep Power
    17

    Default Re: SSH connection

    If it passes once you do an fw unload then it sounds like there are no rules allowing SSH to the box.

    You definitely have a firewall rule that allows

    src = 106.109.1.109
    dst = firewall
    service = ssh
    action = accept

    above the stealth rule.

    GUI Clients just allows access to the Management Server with SmartDashboard, or Policy Editor in 4.1 language.
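To illustrate the rule-ordering point above, here is a small added example (not Check Point code, and not from the poster) that models first-match, top-down rulebase evaluation with a constructed management host, firewall object, stealth rule and cleanup rule. It shows why the SSH accept rule is shadowed when it sits below the stealth rule.

```python
from dataclasses import dataclass
from typing import List, Optional

ANY = "any"  # wildcard for a rule column


@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    service: str
    action: str  # "accept" or "drop"

    def matches(self, src: str, dst: str, service: str) -> bool:
        # A column matches when it is the wildcard or equals the packet's value.
        return all(col in (ANY, val) for col, val in
                   ((self.src, src), (self.dst, dst), (self.service, service)))


def first_match(rulebase: List[Rule], src: str, dst: str, service: str) -> Optional[Rule]:
    """Rules are evaluated top-down; the first matching rule decides the verdict."""
    for rule in rulebase:
        if rule.matches(src, dst, service):
            return rule
    return None  # no explicit match: treated as dropped


def shadowed_by(rulebase: List[Rule], target: Rule) -> Optional[Rule]:
    """Return the earlier rule that would already decide target's own src/dst/service
    (so target can never fire), or None if target is reachable."""
    for rule in rulebase:
        if rule is target:
            return None
        if rule.matches(target.src, target.dst, target.service):
            return rule
    return None


# Constructed objects mirroring the thread (hypothetical names/values).
MGMT_HOST = "106.109.1.109"
FIREWALL = "firewall"
SSH_TO_FW = Rule("ssh-to-fw", MGMT_HOST, FIREWALL, "ssh", "accept")
STEALTH = Rule("stealth", ANY, FIREWALL, ANY, "drop")    # protect the gateway itself
CLEANUP = Rule("cleanup", ANY, ANY, ANY, "drop")         # drop everything else


def ssh_allowed(rulebase: List[Rule]) -> bool:
    hit = first_match(rulebase, MGMT_HOST, FIREWALL, "ssh")
    return hit is not None and hit.action == "accept"
```

With the accept rule placed above the stealth rule `ssh_allowed` returns True; placed below it, `shadowed_by` names the stealth rule as the reason the SSH SYNs are silently dropped.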

  5. #5
    Join Date
    2009-11-06
    Posts
    4
    Rep Power
    0

    Default Re: SSH connection

    Hi, mcnallym!

    Quote Originally Posted by mcnallym View Post
    If it passes once you do an fw unload then it sounds like there are no rules allowing SSH to the box.

    You definitely have a firewall rule that allows

    src = 106.109.1.109
    dst = firewall
    service = ssh
    action = accept
    Of course, I have created a rule like this.

    Quote Originally Posted by mcnallym View Post
    above the stealth rule.
    Sorry, I am new to Check Point. Could you please tell me what you call the "Stealth Rule"? My GUI only knows about "Implied Rules". Is it the same? If so, I cannot insert anything above them.

  6. #6
    Join Date
    2009-11-06
    Posts
    4
    Rep Power
    0

    Default Re: SSH connection

    Sorry... sorry... sorry...

    My mistake. Right after the installation I changed an IP on the interface and did not get all the settings right. Please delete this thread.

    Many thanks to everyone.
