To all,

Ok, I have gone through all of the instructions on Phoneboy's page and read
all of the messages in the group relating to getting internal services out
to a secure remote client.  Now, the idea is to let remote users (once
authenticated) access anything inside, but also to access anything on
that remote user's PC.  This can be as simple as tftp'ing a file back to
him or sending an X session back out.  I now have two rules:

     Source          Destination     Service   Action

1)   allusers@any    internal_nets   any       client_encrypt
2)   internal_nets   any             any       accept

From what I can see, any traffic to an already authenticated Secure Remote
user goes down the tunnels just fine, as it should.  But any other
traffic which originates internally also exits the firewall.  Now this can
be stopped at the router, which only allows IPSec traffic, but this should
not have to be the case.  So, the question is, how can I stop all outbound
traffic from exiting the firewall unless it is specifically destined to an
already established tunnel?

Since the SR connections are NATed to an internal range of addresses, I
tried to create a rule which only allowed internal networks to connect to
that range of addresses:

     internal_nets   nat_range       any       accept

This was done with the rule processing set to inbound, but did not work
properly.

Thanks,
John
