Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Kolobok
Explorer

Limit management access

Hello,

I am at the beginning of my journey with CheckPoints. Starting with 1570W. The Security Gateway is very easy to understand and learn. 

I have a question, which I couldn't find the answer for. The gateway is being used as default gateway for 3 subnets - 192.168.1.X, 192.168.2.X and 192.168.99.X. The third subnets is for management.

I would like to limit the management accessibility in such a way that admins will be able to access the firewall just by the management IP address. Currently, any person on these 3 subnets can access the firewall over port 4434.

I tried to make a policy, which prevents access over port 4434 to the IP address other then the management IP, but this didn't work.

Can you please advise if this is achievable? 

0 Kudos
8 Replies
Danny
Champion Champion
Champion

Can you show us your prevent configuration? What does your firewall log show?

G_W_Albrecht
Legend Legend
Legend

If you have fixed IPs on the internal networks, you can configure Device > System > Admin Access to let just selected users log in from these 3 subnets...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
G_W_Albrecht
Legend Legend
Legend

@_Val_  - can you put this to SMB ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
_Val_
Admin
Admin

done

0 Kudos
the_rock
Legend
Legend

@Danny made a good point...maybe if you send us few screenshots showing how this is configured, we would get better idea to assist you.

0 Kudos
Kolobok
Explorer

Here is a screenshot of the internal interfaces. 

The idea is to allow manage the firewall just by accessing the 192.168.99.1 and prevent the ability to manage it through 192.168.10.1 or 192.168.20.1.

0 Kudos
K_montalvo
Advisor

Hello,

I found this on the CP_R80.20.35_1500_1600_1800_Appliance_Series_AdminGuide_Locally_Managed starting on page 109; The Device > Administrator Access page lets you configure the IP addresses and interface sources that
administrators can use to access the Quantum Spark Appliance. You can also configure the Web and SSH
ports.

I don't know witch Embedded Gaia are you running but you can see if the above works for you,

https://sc1.checkpoint.com/documents/SMB_R80.20.35/AdminGuides/Locally_Managed/EN/Topics/Quantum-Spa...

 

Thanks!

0 Kudos
K_montalvo
Advisor

When you said any person can access the firewall are you referring to accounts with admin permissions?

What you are trying is just that the firewall is reachable via 1 IP address only or to just permit access using the least privilege mode to only specific admins accounts?

What are your expectations, please elaborate,

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events