Configuring a 'CheckPoint Firewall-1' for use with PCsync

 

SUMMARY

I'm concerned about using PCsync on my corporate network and want to understand PCsync's security features. I'm also looking for information about how I can configure my CheckPoint Firewall-1 to allow PCsync to make secure connections. Can you help me?

 

CAUSE

See Technical Document 303, Using PCsync in a Secure Environment, for more information.

 

SOLUTION

Currently there is no proxy or stateful inspection mechanism for PCsync. Access is allowed by opening TCP ports 80, 8080, 8443 and 8444 to specific hosts or the network at the discretion of the security administrator.

For sites using NAT with private address space or NAT with port multiplexing, you will be unable to allow incoming PCsync connections. Sites using NAT and mapping their internal IP addresses to valid public addresses can, if they choose, set up static mappings for particular PCsync hosts to be reached from the outside. See Technical Document 305, How to Surf up to a computer behind a Router or Firewall, for more information.

For demonstration purposes, we will be referencing the private network 192.168.100.0/24 as our internal trusted network with all filtering relative to the public Internet. Implementation is similar for any external network.

For this example, we show how to permit PCsync to the host 192.168.100.45; permitting PCsync to connect to multiple hosts or an entire network is a trivial modification. This does not imply that hosts with private addresses can actually be reached from outside the trusted network, but is a safe example to use.

CheckPoint Firewall-1 is accessed primarily through a GUI. To create a rule through the GUI, first define a Network Object corresponding to the host or network to which you wish to allow PCsync access, then define an access rule. Also create the PCsync service as a TCP/IP service on ports 80, 8080, 8443 and 8444. Consult your Firewall-1 documentation for additional information.

To add an access rule:

  1. Log in to the Firewall-1 GUI.

  2. From the Edit menu, select Add Rule. Choose the desired insertion point.

  3. Leave the Source as Any.

  4. Set the destination to 192.168.100.45 (you may need to create an object for the endpoint).

  5. Set the Service to PCsync.

  6. Change the Action to Accept.

  7. Set any additional options as desired.
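Once the policy is installed, the rule can be checked from a machine outside the firewall by confirming that the four PCsync ports answer and that ports outside the service definition do not. The script below is an added example, not part of the original article or of any PCsync or CheckPoint tooling; the function names and the control ports 23 and 3389 are assumptions chosen for illustration.

```python
import socket

# Ports the article assigns to the PCsync service.
PCSYNC_PORTS = (80, 8080, 8443, 8444)


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Something answered with a reset: either the firewall rejected the
        # connection or it passed and no listener is bound on the host.
        return "closed"
    except OSError:
        # Timeout or unreachable: packets were silently dropped on the path.
        return "filtered"


def check_rule(host, allowed=PCSYNC_PORTS, control=(), timeout=2.0):
    """Compare observed port states with what the access rule should permit.

    Returns (port, state, verdict) tuples. A port in `allowed` passes only
    when a listener answers; a port in `control` passes only when none does.
    """
    results = []
    for port in allowed:
        state = probe(host, port, timeout)
        results.append((port, state, "ok" if state == "open" else "UNEXPECTED"))
    for port in control:
        state = probe(host, port, timeout)
        results.append((port, state, "ok" if state != "open" else "UNEXPECTED"))
    return results


if __name__ == "__main__":
    # 192.168.100.45 is the article's example host; substitute the address
    # that is actually reachable from the outside. Control ports are
    # arbitrary choices for this example.
    for port, state, verdict in check_rule("192.168.100.45", control=(23, 3389)):
        print(f"{port:>5}/tcp  {state:<8}  {verdict}")
```

An `UNEXPECTED` verdict on a PCsync port with state `closed` usually means the rule is passing traffic but PCsync is not listening on the host; `filtered` points back at the rule or its position in the rule base.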

 

 Related Articles

  Configuring a 3Com Home Connect Wireless Gateway for PCsync Connections
  Configuring a Cisco PIX Firewall for use with PCsync Connections
  Configuring a Cisco Router using Access Lists for use with PCsync
  Configuring a NetGear Cable/DSL Router for use with PCsync
  Configuring an Axent Raptor Firewall for use with PCsync
  Configuring D-Link DI-701 Residential Gateway for PCsync Connections

 

Last updated: Tuesday, June 19, 2001

Article #339
