Checkpoint Firewall-1 Policy help

Posted on 2005-04-19
Last Modified: 2013-11-16
Dear all,

I have a site running a Nokia IP440 Firewall box using Checkpoint NG Firewall-1.
I am no expert at all with this kind of technology; all this was installed prior to my arrival.

What I need to do is edit the current policy for the firewall to allow myself to Remote Desktop / TS into the network from my own Broadband network at home.

I have a server in the office running the policy editor for the firewall which already has a load of policies set up to connect this firewall to another firewall of similar breed in another office via a VPN. I don't envisage me installing a new rule to allow a TS connection in from my own IP address causing a major problem to any of the other rules, but not having ever really played with this kinda stuff before I couldn't say 100%.

I would like to allow my TS connection to simply come in from my home IP (DNS is preferable as my IP is dynamic, but not essential as the IP rarely changes) and be forwarded to a server of choice (preferably a standalone server on the internal network).

Any help with this would be fantastic. (If I could give more than 500 points I would!)


Question by:DaleHarrison
    Accepted Solution

    Okies.. First things first..
    It's not recommended to connect from home to a server in the internal network via RDP or TS... It's highly vulnerable and susceptible to eavesdropping/wire tapping.. As the traffic is not encrypted, just imagine if you are on a Cable Network: your neighbour can "see/tap" what you are doing (provided he has got the right knowledge and tools)...
    So please review the idea of accessing it from home via RDP.

    Second, if you want it anyway then all you need to do is just create a rule in the Checkpoint FW..
    Just open SmartConsole and create an "object" of type "host" with your IP address. I assume the office server object must be created already..
    So the next step is to right click on the screen and add a rule above the explicit deny rule... (depending on the requirements I suggest you add about 1 or 2 rules above the last rule, assuming your usage is not very high...)

    So in the rule select source as the newly created "object" and destination "the server @ office", and the TCP port is 3389 by default... Some (

    But in my opinion consider this as the last option.. Even if you don't have any choice, then I heard that there are some remote clients which do use SSH to encrypt the data... try that out..
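As an added illustration (not part of the question or of the accepted answer), the following Python model shows why the answer insists on placing the narrow home-to-server rule above the explicit deny (cleanup) rule: Check Point evaluates the rulebase top down and stops at the first match, so the same rule placed below the cleanup rule is shadowed and never fires. All addresses, rule names and the branch VPN rule are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Constructed placeholders, not values from the original question.
HOME_IP = "203.0.113.45"       # home broadband address (the new "host" object)
TS_SERVER = "192.168.10.20"    # standalone terminal server on the internal LAN
RDP_PORT = 3389                # default RDP / Terminal Services port
ANY = "0.0.0.0/0"              # "Any" modelled as the whole address space


@dataclass
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]       # None matches any service
    action: str                # "accept" or "drop"


def rule(name: str, src: str, dst: str, dport: Optional[int], action: str) -> Rule:
    return Rule(name, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport, action)


# Rulebase in the order the answer recommends: the RDP rule sits above cleanup.
RULEBASE: List[Rule] = [
    rule("vpn-to-branch", "192.168.10.0/24", "192.168.20.0/24", None, "accept"),
    rule("home-rdp", f"{HOME_IP}/32", f"{TS_SERVER}/32", RDP_PORT, "accept"),
    rule("cleanup", ANY, ANY, None, "drop"),
]


def evaluate(rulebase: List[Rule], src: str, dst: str, dport: int) -> Tuple[str, str]:
    """First-match evaluation: return (rule name, action) of the first rule that matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rulebase:
        if s in r.src and d in r.dst and (r.dport is None or r.dport == dport):
            return r.name, r.action
    return "implicit-drop", "drop"


def shadowed(rulebase: List[Rule], name: str) -> bool:
    """True if an earlier rule already covers everything the named rule could match,
    so the named rule can never fire (e.g. a specific rule placed below cleanup)."""
    idx = next(i for i, r in enumerate(rulebase) if r.name == name)
    t = rulebase[idx]
    return any(r.src.supernet_of(t.src) and r.dst.supernet_of(t.dst)
               and (r.dport is None or r.dport == t.dport)
               for r in rulebase[:idx])
```

Swapping the last two entries of RULEBASE makes shadowed(..., "home-rdp") return True and evaluate(...) fall through to the cleanup drop, which is the misconfiguration the answer warns against.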

