Security after establishing VPN

Michael Louie mlouie at SPEAKEASY.ORG
Tue May 16 13:35:24 EDT 2000


Ryan,

Please correct me if I'm wrong, but wouldn't this rule only force encryption of
pop3 data to the mailserver?  Perhaps I am not being clear in my question.  I
would like to implement a remote access solution.  [For example] if I would like
to restrict access to only pop3 to the mailserver, and not allow users to
telnet, ftp, etc. anywhere else.  Is this possible?


Thanks again,
Mike

On Tue, 16 May 2000, Ryan Russell wrote:

> Assuming your encryption settings are in place:
>
> Source          Dest         Service    Action           Log     Comment
> not localnet    mailserver   pop3       client-encrypt   long
>
> At least, that's what I can recall... I don't run a FW-1 anymore.
> (Change of jobs... not FW-1's fault :) )
>
> 					Ryan
>
>
> On Tue, 16 May 2000, Michael Louie wrote:
>
> > Only allowing the use of port 110 to an internal mailserver was only an
> > example.  How would I define this rule?
> >
> >
> > Thanks,
> > Mike
> >
> > On Tue, 16 May 2000, Ryan Russell wrote:
> >
> > > The question isn't clear... are you asking if you can VPN to only port
> > > 110?  Yes.  You can add a client-encrypt rule to only allow in to port
> > > 110.  This is for SecuRemote connections, mind you.. though I think the
> > > same applies to FW-to-FW rules.
> > >
> > > 					Ryan
> > >
> > > On Mon, 15 May 2000, Michael Louie wrote:
> > >
> > > > Does Checkpoint version 4 and later have any built-in security for restricting
> > > > access after a VPN connection is established (port 110 to the mailserver only
> > > > for example)?  Or am I pretty much forced to purchase an additional firewall?
> > > >
