Admin Access
Everyone is locked out of the firewall, including the admins.
We will give them access, but only to the specific services they need.
Fortunately, CheckPoint has these services predefined. We also restrict
which source systems can reach these services, so only specific
systems are allowed. Once again, notice the rule positioning: this rule
goes before the Lockdown rule.
For larger organizations with several distributed firewalls, you may have
to make several rules similar to this one. For example, you may have to
create one rule to connect to the Management Station, and another for
connecting to the Firewall modules. For this example, we are assuming that
both the Management Station and the Firewall module are on a single system. Also, many of you may
want to give your admins remote access to the operating systems. In that
case, you would add the service "ssh" (or some other secure remote access) to this rule.
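
Why the positioning matters, as an added example (not part of the original article and not CheckPoint code): a small model of top-down, first-match rule evaluation that also reports rules hidden by an earlier, broader rule. The host names and service names are constructed placeholders, and the Lockdown rule is assumed to be "any source to the firewall, any service, drop".

```python
from dataclasses import dataclass

ANY = "any"  # wildcard object, matches every value in its column

@dataclass(frozen=True)
class Rule:
    name: str
    sources: frozenset
    destinations: frozenset
    services: frozenset
    action: str

def _hits(field, value):
    return ANY in field or value in field

def evaluate(rulebase, src, dst, svc):
    """Walk the rules top down and return (rule name, action) of the first match."""
    for r in rulebase:
        if _hits(r.sources, src) and _hits(r.destinations, dst) and _hits(r.services, svc):
            return r.name, r.action
    return "implicit", "drop"  # model assumption: nothing matched, so drop

def _within(inner, outer):
    return ANY in outer or (ANY not in inner and inner <= outer)

def shadowed(rulebase):
    """Names of rules that can never match because an earlier rule covers them fully."""
    hidden = []
    for i, r in enumerate(rulebase):
        if any(_within(r.sources, e.sources) and _within(r.destinations, e.destinations)
               and _within(r.services, e.services) for e in rulebase[:i]):
            hidden.append(r.name)
    return hidden

# Constructed sample objects: two admin workstations, placeholder service names,
# plus the optional "ssh" service mentioned in the text.
ADMIN = Rule("Admin Access", frozenset({"admin-ws1", "admin-ws2"}),
             frozenset({"firewall"}),
             frozenset({"mgmt-gui-placeholder", "fw-control-placeholder", "ssh"}), "accept")
LOCKDOWN = Rule("Lockdown", frozenset({ANY}), frozenset({"firewall"}),
                frozenset({ANY}), "drop")

CORRECT = [ADMIN, LOCKDOWN]      # admin rule placed before Lockdown
MISORDERED = [LOCKDOWN, ADMIN]   # admin rule placed after Lockdown

if __name__ == "__main__":
    for label, rb in (("correct", CORRECT), ("misordered", MISORDERED)):
        print(label, evaluate(rb, "admin-ws1", "firewall", "ssh"), "shadowed:", shadowed(rb))
```

Running the shadow check against an exported rulebase after every change catches an admin rule that was accidentally inserted below the Lockdown rule before the admins find out by being locked out.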