Security after establishing VPN
Ryan Russell
ryan at SECURITYFOCUS.COM
Tue May 16 13:38:56 EDT 2000
Yes, sorry... just follow up with a deny rule.
Ryan
On Tue, 16 May 2000, Michael Louie wrote:
> Ryan,
>
> Please correct me if I'm wrong, but wouldn't this rule only force encryption of
> pop3 data to the mailserver? Perhaps I am not being clear in my question. I
> would like to implement a remote access solution. [For example] if I would like
> to restrict access to only pop3 to the mailserver, and not allow users to
> telnet, ftp, etc anywhere else. Is this possible?
>
>
> Thanks again,
> Mike
>
> On Tue, 16 May 2000, Ryan Russell wrote:
>
> > Assuming your encryption settings are in place:
> >
> > Source        Dest        Service  Action          Log   Comment
> > not localnet  mailserver  pop3     client-encrypt  long
> >
> > At least, that's what I can recall... I don't run a FW-1 anymore.
> > (Change of jobs... not FW-1's fault :) )
> >
> > Ryan
> >
> >
> > On Tue, 16 May 2000, Michael Louie wrote:
> >
> > > Only allowing the use of port 110 to an internal mailserver was only an
> > > example. How would I define this rule?
> > >
> > >
> > > Thanks,
> > > Mike
> > >
> > > On Tue, 16 May 2000, Ryan Russell wrote:
> > >
> > > > The question isn't clear... are you asking if you can VPN to only port
> > > > 110? Yes. You can add a client-encrypt rule to only allow in to port
> > > > 110. This is for SecuRemote connections, mind you.. though I think the
> > > > same applies to FW-to-FW rules.
> > > >
> > > > Ryan
> > > >
> > > > On Mon, 15 May 2000, Michael Louie wrote:
> > > >
> > > > > Does Checkpoint version 4 and later have any built in security for restricting
> > > > > access after a VPN connection is established (port 110 to the mailserver only
> > > > > for example)? -or am I pretty much forced to purchase an additional firewall?
> > > > >
> > > >
> > > >
> > > >
> > >
> >
> >
>
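The rule order discussed in this thread, as a simplified first-match model added here for illustration; it is not Check Point code or FW-1 syntax. The addresses, the `evaluate` helper and the trailing accept rule are assumptions, and the model only covers connections from SecuRemote clients.

```python
import ipaddress

# Constructed sample values; the thread gives no addresses.
LOCALNET = ipaddress.ip_network("10.1.0.0/16")
MAILSERVER = ipaddress.ip_address("10.1.0.25")

def not_localnet(ip):
    return ip not in LOCALNET

def any_host(ip):
    return True

def mailserver(ip):
    return ip == MAILSERVER

# Rule 1 is the row from the thread; rule 2 is the follow-up deny rule.
ENCRYPT_RULE = (not_localnet, mailserver, "pop3", "client-encrypt")
DENY_RULE = (not_localnet, any_host, None, "drop")
# Hypothetical broader rule further down the rulebase (an assumption).
LATER_ACCEPT = (any_host, any_host, None, "accept")

def evaluate(rulebase, src, dst, service):
    """Return (rule number, action) of the first rule matching a
    SecuRemote client connection; rules are checked top to bottom."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (src_ok, dst_ok, svc, action) in enumerate(rulebase, 1):
        if src_ok(src) and dst_ok(dst) and svc in (None, service):
            return number, action
    return None, "drop"  # nothing matched: this model drops by default

WITH_DENY = [ENCRYPT_RULE, DENY_RULE, LATER_ACCEPT]
WITHOUT_DENY = [ENCRYPT_RULE, LATER_ACCEPT]

if __name__ == "__main__":
    client = "203.0.113.7"  # constructed remote client address
    flows = (("10.1.0.25", "pop3"), ("10.1.0.25", "telnet"), ("10.1.0.40", "ftp"))
    for name, rulebase in (("with deny", WITH_DENY), ("without deny", WITHOUT_DENY)):
        for dst, svc in flows:
            print(name, dst, svc, evaluate(rulebase, client, dst, svc))
```

With the deny rule directly below the client-encrypt rule, a remote client's telnet or ftp attempt stops at rule 2 instead of falling through to whatever broader rule sits lower in the rulebase.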