Oh,
Sorry, went right past that part about using the GB-1000. So, you would
need to use remote access policies. Also, you should be aware (and
probably are) that the GB-1000 has been EOL since 2003:
http://www.gta.com/news/announcement/?n=2004-01-05_01.html
And if you have a GB-1000R, it will be EOL August 30, 2009:
http://www.gta.com/downloads/external/announcements/2008-06-25_01.pdf
David
On 8/11/2009 8:14 AM, David Brooks wrote:
Hi,
Chris is correct on the user list being quiet. We still announce
updates. There is a new forum located at -
http://forum.gta.com/index.php
The only thing I would add to Chris's comments is that in the latest
versions you can use an automatic policy in combination with a source
address. In effect it works the same as a remote access policy. You just
do everything in one spot.
Look at http://demo.gta.com
Configure -> Network -> NAT -> Inbound Tunnel
Tunnel # 3 - Click on Advanced option.
You will see source object of Vendor - Network. This tunnel allows
only access from a Vendor specified network referenced in the object.
Create an address object for your Vendor Network and use this in the
source. This will keep you from having to create remote access policies.
David
On 8/11/2009 7:48 AM, Chris Green wrote:
I haven't seen this public list used in ages! :)
What you are suggesting would work, however it may not be the best
way. To accomplish what you want though you will need to create the
inbound tunnels without checking the automatic accept all filter box,
then create Remote Access Filters which limit the source address of
the rules.
If it were me I would probably put the switch management on its own
VLAN and put a DMZ interface of the firewall on that VLAN. This
would allow you to set up a VPN connection for them to come in and
manage the switches. With a GB-1000 running such an old version of
GB-OS though you only have 3 physical interfaces and no VLANs,
therefore if you're already using the third interface this is not an
option.
Chris Green
Solerant, LLC
On Aug 11, 2009, at 2:06 AM, Robert Jackson wrote:
Current hardware: Gnatbox GB-1000 running v3.2.7s.
We have just upgraded our internal infrastructure and have now replaced
our old 3Com switches with Cisco Catalyst 2960/2960-G's. We want to give
our supplier remote access to the switches for maintenance purposes but
nothing else on our internal LAN.
I was thinking we could use one of our public addresses (we have a block
of 16) and assign a unique TCP port against each of the switches. I could
then have an Inbound Tunnel for each switch (in our case this would mean
an additional 8 tunnels). Is this the best way of doing this and if it is,
how can I limit them to the supplier's public address?
Regards,
Rab.
===========================================================
Robert Jackson            Phone: +44 (0) 141 332 7999
Software Engineer         Fax:   +44 (0) 141 331 2820
Walker Martyn Ltd
1 Park Circus Place       Email: [email protected]
Glasgow G3 6AH, Scotland  Web:   http://www.walkermartyn.co.uk
===========================================================
************************************************************************
The information in this internet E-mail is confidential and is intended
solely for the addressee. Access, copying or re-use of information in it
by anyone else is unauthorised. Any views or opinions presented are
solely those of the author and do not necessarily represent those of
Walker Martyn Ltd or any of its affiliates. If you are not the
intended recipient please contact [email protected]
Walker Martyn Ltd, company number SC197533. Company is
registered in Scotland and has its registered office at 1 Park
Circus Place, Glasgow G3 6AH, UK.
****************************************************************
------------------------------------------------------
To unsubscribe: [email protected]
For additional commands: [email protected]