Management server / Management clients in Checkpoint firewall

Management server / Management clients in Checkpoint firewall

am 22.11.2006 17:25:43 von wildbeast

I'm a bit confused here. I installed the management server on my
firewall machine because I assumed that I would be able to easily use a
management client such as the policy editor to log on to my firewall
and do the modifications. Yet for some reason I am unable to
authenticate when using the policy editor client to log on to my
firewall.

Am I supposed to install the management server on the machine from
which I intend to modify the policies, config, etc. of my firewall?
Shouldn't I be able to just do it with the client software?

Re: Management server / Management clients in Checkpoint firewall

am 22.11.2006 20:57:26 von Chris

wrote in message
news:1164212742.930466.290030@h54g2000cwb.googlegroups.com.. .
> I'm a bit confused here. I installed the management server on my
> firewall machine because I assumed that I would be able to easily use a
> management client such as the policy editor to log on to my firewall
> and do the modifications. Yet for some reason I am unable to
> authenticate when using the policy editor client to log on to my
> firewall.
>
> Am I supposed to install the management server on the machine from
> which I intend to modify the policies, config, etc. of my firewall?
> Shouldn't I be able to just do it with the client software?
>

You have to configure the firewall to accept management connections from
your client. The policy editor can be installed on any machine on the
network as long as the firewall is configured to allow that host.

Re: Management server / Management clients in Checkpoint firewall

am 26.11.2006 12:54:18 von Robby Cauwerts

wildbeast@gmail.com schreef:

.. Yet for some reason I am unable to
> authenticate when using the policy editor client to log on to my
> firewall.

Check the following file on your management server:
$FWDIR/conf/gui-clients
This file should include the ip addresses of the hosts on which
SmartDashboard is installed (the policy editor).
If this is not the case you can edit the file or use the cpconfig
command on your management server.

No need to create additional rules to your rulebase to allow incomming
management connections because this is done with implied rules.

Kr.
Robby