CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Locking down SSH on UTM-1 Edge N

  1. #1
    Join Date
    2013-01-17
    Posts
    1
    Rep Power
    0

    Locking down SSH on UTM-1 Edge N

    I have a couple of UTM-1 Edge N devices I've recently deployed, this is my first experience with them, and I'm trying to lock down SSH. What I'd like to be able to do is use [Internal Networks + IP Address Range], but when I access this menu from Setup-->Management, I'm only allowed a single address range. I've contacted CP Support and the official word is, it is in fact a limitation of the device. Anyone have experience adding more than one address range in the CLI? The other sites we have deployed are on 2200 series, and they'll let you add multiple hosts/networks when locking down ssh in this way.

  2. #2
    Join Date
    2006-12-04
    Posts
    1,316
    Rep Power
    15

    Re: Locking down SSH on UTM-1 Edge N

    Originally posted by bhobson2000:
    I have a couple of UTM-1 Edge N devices I've recently deployed, this is my first experience with them, and I'm trying to lock down SSH. What I'd like to be able to do is use [Internal Networks + IP Address Range], but when I access this menu from Setup-->Management, I'm only allowed a single address range. I've contacted CP Support and the official word is, it is in fact a limitation of the device. Anyone have experience adding more than one address range in the CLI? The other sites we have deployed are on 2200 series, and they'll let you add multiple hosts/networks when locking down ssh in this way.
    It is not possible on any Edges.
    Due to performance problems with any of them, even the Edge N, with max 5 Mbit/s VPN and 1000 millisecond response time, just use a CP 2200 or any open server with a normal lic.
    Last edited by serlud; 2013-03-30 at 10:39.

  3. #3
    Join Date
    2007-06-04
    Posts
    3,312
    Rep Power
    17

    Re: Locking down SSH on UTM-1 Edge N

    I've only had successful Edge deployments where there were literally a handful of people. The widest deployment was for a housing company. They would place an Edge on the end of a DSL line in the show room, and then the sales person/people would use the Edge to build a VPN back to the head office rather than use a VPN client.

    As a general rule I go with: if the site has a server, then don't use an Edge device there.

    Biggest pain I find with them is the debugging and troubleshooting compared to a regular Check Point SPLAT/Gaia system.

    You will only be able to add either a single IP address range for SSH, HTTPS and SNMP connectivity for Management.
