Configuring an Axent Raptor Firewall for use with PCsync

 

SUMMARY

I'm concerned about using PCsync on my corporate network, and want to understand PCsync's security features. I'm also looking for information about how I can configure my Axent Raptor firewall to allow PCsync to make secure connections. Can you help me?

 

CAUSE

See Technical Document 303, Using PCsync in a Secure Environment, for more information.

 

SOLUTION

Currently there is no proxy or stateful inspection mechanism for PCsync. Access is allowed by opening TCP ports 80, 8080, 8443 and 8444 to specific hosts or the network at the discretion of the security administrator.

Sites using NAT with private address space or NAT with port multiplexing will be unable to allow incoming PCsync connections. Sites using NAT and mapping their internal IP addresses to valid public addresses can, if they choose, set up static mappings for particular PCsync hosts to be reached from the outside. See Technical Document 305, How to Surf up to a computer behind a Router or Firewall, for more information.

For demonstration purposes, we will be referencing the private network 192.168.100.0/24 as our internal trusted network with all filtering relative to the public Internet. Implementation is similar for any external network.

For this example, we show how to permit PCsync to the host 192.168.100.45; permitting PCsync to connect to multiple hosts or an entire network is a trivial modification. This does not imply that hosts with private addresses can actually be reached from outside the trusted network, but is a safe example to use.

The Raptor Firewall from Axent Technologies is managed and configured through a GUI with the actual configuration files neatly tucked away in the background. The recommended and supported method of administration is using the GUI. Instructions are given here for Raptor version 5. For version 6, consult the Raptor documentation.

To enable access to an internal PCsync host, you will need to create a rule:

  1. Click the Rules button on the Hawk toolbar.

  2. Provide a description for the rule if desired.

  3. Click on the For menu, select All.

  4. In the From field, select Universe.

  5. In the To field, select PCsync Host (you may need to create this entity).

  6. Select the Permit Certain Access radio button.

  7. Create a GSP for PCsync.

  8. In the Include window, select only the PCsync protocol.

  9. Set any additional options and click Create.
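Once the rule is created, a TCP connect check run from a machine outside the firewall can confirm that the four PCsync ports are reachable on the PCsync host and that other ports are not. This is an added example, not part of the original article or of the Raptor tooling; the function names and the control-port list are assumptions, and 192.168.100.45 is the article's demonstration host.

```python
import socket

# TCP ports the article says must be opened for PCsync.
PCSYNC_PORTS = {80, 8080, 8443, 8444}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as not open.
        return False


def audit_rule(host, allowed=PCSYNC_PORTS, control=(), timeout=2.0):
    """Compare what is reachable with what the rule is meant to permit.

    allowed: ports the firewall rule should pass to the PCsync host.
    control: ports that should stay blocked (chosen by the tester).
    Returns (missing, leaked): allowed ports that did not answer, and
    control ports that did, each as a sorted list.
    """
    missing = sorted(p for p in allowed if not tcp_open(host, p, timeout))
    leaked = sorted(p for p in control if tcp_open(host, p, timeout))
    return missing, leaked


if __name__ == "__main__":
    # Assumed control ports: common services the PCsync rule must not expose.
    missing, leaked = audit_rule("192.168.100.45",
                                 control=(21, 23, 139, 445, 3389))
    print("PCsync ports not reachable:", missing)
    print("Non-PCsync ports reachable:", leaked)
```

A non-empty second list means the rule (or another rule ahead of it) passes more than the PCsync protocol to that host.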

 


 

Last updated: Wednesday, June 20, 2001

Article #343
