Dear all,

I have a site running a Nokia IP440 Firewall box using Checkpoint NG Firewall-1.
I am no expert at all with this kind of technology; all this was installed prior to my arrival.

What I need to do is edit the current policy for the firewall to allow myself to Remote Desktop / TS into the network from my own Broadband network at home.

I have a server in the office running the policy editor for the firewall which already has a load of policies set up to connect this firewall to another firewall of similar breed in another office via a VPN. I don't envisage me installing a new rule to allow a TS connection in from my own IP address causing a major problem to any of the other rules, but not having ever really played with this kind of stuff before I couldn't say 100%.

I would like to allow my TS connection to simply come in from my home IP (DNS is preferable as my IP is dynamic, but not essential as the IP rarely changes) and be forwarded to a server of choice (preferably a standalone server on the internal network).

Any help with this would be fantastic. (If I could give more than 500 points I would!)


srikrishnak Commented:
Okies..First thing first..
It's not recommended to connect from home to a server in the internal network via RDP or TS...It's highly vulnerable and susceptible to eavesdropping/wire tapping..As the traffic is not encrypted, just imagine if you are on a Cable Network your neighbour can "See/tap" what you are doing (provided he has got the right knowledge and tools)...
So please review the idea of accessing it from home via RDP.

Second, if you want it anyway then all you need to do is just create a rule in the Checkpoint FW..
Just open SmartConsole and create a "host" "object" with your IP address. I assume the office server must be created already..
So the next step is to right click on the screen and add a rule above the explicit deny rule...(depending on the requirements I suggest you add about 1 or 2 rules above the last rule, assuming your usage is not very high...)

So in the rule select source as the newly created "object" and destination "the server @ office", and the TCP port is 3389 by default...Some (

But in my opinion consider this as the last option..Even if you don't have any choice, then I heard that there are some remote clients which do use SSH to encrypt the data...try that out..


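The answer's point about placing the new rule *above* the explicit deny rule comes down to first-match evaluation: a Check Point rulebase is read top-down and the first rule that matches decides the packet, so an accept rule sitting below "Any Any Drop" can never fire. The script below is an added illustration of that and is not code from the poster or from Check Point; the rulebase model, the `evaluate` and `shadowed_rules` helpers, and every address (home host, terminal server, VPN peer network) are constructed sample values. It also flags an accept rule for TCP/3389 whose source is "Any", which is the opposite of the narrow single-host object the answer recommends.

```python
"""Toy first-match rulebase evaluator (constructed example, not Check Point code).

Shows why a new RDP allow rule must sit above the explicit deny rule, and
audits the rulebase for rules that are shadowed (can never match) or that
open the TS port to any source. All addresses are constructed samples.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY = "Any"
RDP_PORT = 3389


@dataclass(frozen=True)
class Rule:
    name: str
    src: str             # CIDR string or ANY (a /32 models a "host" object)
    dst: str             # CIDR string or ANY
    proto: str           # "tcp", "udp" or ANY
    port: Optional[int]  # None means any port
    action: str          # "accept" or "drop"


def _ip_in(rule_net: str, addr: str) -> bool:
    """True if addr falls inside the rule's network (ANY matches everything)."""
    return rule_net == ANY or ip_address(addr) in ip_network(rule_net)


def _net_covers(outer: str, inner: str) -> bool:
    """True if every address in `inner` is also in `outer`."""
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    return ip_network(inner).subnet_of(ip_network(outer))


def evaluate(rulebase: List[Rule], src: str, dst: str,
             proto: str, port: int) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule; implicit drop if none."""
    for rule in rulebase:
        if (_ip_in(rule.src, src) and _ip_in(rule.dst, dst)
                and rule.proto in (ANY, proto)
                and rule.port in (None, port)):
            return rule.action, rule.name
    return "drop", "implicit-drop"


def _covers(earlier: Rule, later: Rule) -> bool:
    """True if `earlier` matches every packet that `later` would match."""
    return (_net_covers(earlier.src, later.src)
            and _net_covers(earlier.dst, later.dst)
            and earlier.proto in (ANY, later.proto)
            and earlier.port in (None, later.port))


def shadowed_rules(rulebase: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier rule fully covers them."""
    return [later.name for i, later in enumerate(rulebase)
            if any(_covers(earlier, later) for earlier in rulebase[:i])]


def open_rdp_rules(rulebase: List[Rule]) -> List[str]:
    """Names of accept rules that expose TCP/3389 from any source."""
    return [r.name for r in rulebase
            if r.action == "accept" and r.src == ANY
            and r.proto in (ANY, "tcp") and r.port in (None, RDP_PORT)]


# Constructed sample objects (documentation ranges, not real addresses).
HOME_HOST = "203.0.113.7/32"      # admin's home broadband IP as a /32 host object
TS_SERVER = "192.0.2.10/32"       # standalone internal terminal server
OFFICE_LAN = "192.0.2.0/24"
VPN_PEER_LAN = "198.51.100.0/24"  # the other office's LAN behind the VPN

vpn_rule = Rule("vpn-site-to-site", VPN_PEER_LAN, OFFICE_LAN, ANY, None, "accept")
rdp_rule = Rule("home-rdp", HOME_HOST, TS_SERVER, "tcp", RDP_PORT, "accept")
cleanup = Rule("explicit-deny", ANY, ANY, ANY, None, "drop")

GOOD_ORDER = [vpn_rule, rdp_rule, cleanup]  # new rule above the explicit deny
BAD_ORDER = [vpn_rule, cleanup, rdp_rule]   # new rule below it: shadowed, never matches
WIDE_OPEN = [vpn_rule, Rule("rdp-any", ANY, TS_SERVER, "tcp", RDP_PORT, "accept"), cleanup]

if __name__ == "__main__":
    pkt = ("203.0.113.7", "192.0.2.10", "tcp", RDP_PORT)
    print("good order:", evaluate(GOOD_ORDER, *pkt))
    print("bad order: ", evaluate(BAD_ORDER, *pkt))
    print("shadowed in bad order:", shadowed_rules(BAD_ORDER))
    print("over-broad RDP rules:", open_rdp_rules(WIDE_OPEN))
```

Running it shows the same RDP packet accepted by `home-rdp` in `GOOD_ORDER` and dropped by `explicit-deny` in `BAD_ORDER`, with `shadowed_rules` naming the misplaced rule. The audit helpers are the kind of sanity check worth doing before pushing a policy: a shadowed rule silently does nothing, and an "Any" source on TCP/3389 turns the exposure the answer warns about into an open door rather than a single-host exception.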