Admin Access
 


 
Everyone is locked out of the firewall, including the admins. We will give them access, but only to the specific services they need. Fortunately, CheckPoint has these services predefined. We also restrict which sources can reach these services to specific systems. Once again, notice the rule positioning: this rule goes before the Lockdown rule. For larger organizations with several distributed firewalls, you may have to make several rules similar to this one. For example, you may have to create one rule for connecting to the Management Station, and another for connecting to the Firewall modules. For this example, we are assuming that both the Management and Firewall module are on a single system. Also, many of you may want to give your admins remote access to the operating system. In that case, you would add the service "ssh" (or some other secure remote access) to this rule.
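Why the positioning matters, as an added example (not part of the original article and not CheckPoint code): a small model of a rulebase evaluated top-down with the first match winning, plus a check for rules that an earlier rule makes unreachable. The host names and the "mgmt-gui-placeholder" service name are constructed placeholders, and the Lockdown rule is assumed to drop any source and any service destined for the firewall.

```python
from dataclasses import dataclass

ANY = "*"

@dataclass(frozen=True)
class Rule:
    name: str
    sources: frozenset   # source hosts, or {ANY}
    dests: frozenset     # destination hosts, or {ANY}
    services: frozenset  # service names, or {ANY}
    action: str          # "accept" or "drop"

    def matches(self, src, dst, svc):
        fields = ((self.sources, src), (self.dests, dst), (self.services, svc))
        return all(ANY in allowed or value in allowed for allowed, value in fields)

def evaluate(rulebase, src, dst, svc):
    """Return (action, rule name) of the first matching rule, top-down."""
    for rule in rulebase:
        if rule.matches(src, dst, svc):
            return rule.action, rule.name
    return "drop", "implicit"  # nothing matched: default deny

def covers(earlier, later):
    """True if every packet 'later' could match is already matched by 'earlier'."""
    pairs = ((earlier.sources, later.sources), (earlier.dests, later.dests),
             (earlier.services, later.services))
    return all(ANY in a or (ANY not in b and b <= a) for a, b in pairs)

def shadowed(rulebase):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rulebase)
            if any(covers(earlier, later) for earlier in rulebase[:i])]

def fs(*items):
    return frozenset(items)

# Constructed objects (placeholders, not taken from the article).
ADMIN = Rule("Admin Access", fs("admin-ws-1", "admin-ws-2"), fs("firewall"),
             fs("mgmt-gui-placeholder", "ssh"), "accept")
LOCKDOWN = Rule("Lockdown", fs(ANY), fs("firewall"), fs(ANY), "drop")

GOOD_ORDER = [ADMIN, LOCKDOWN]   # admin rule ahead of the lockdown
BAD_ORDER = [LOCKDOWN, ADMIN]    # admin rule is unreachable

if __name__ == "__main__":
    for label, rb in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, evaluate(rb, "admin-ws-1", "firewall", "ssh"), shadowed(rb))
```

Running the shadowing check over an exported rulebase after each change catches an admin rule that has slipped below the lockdown before the admins find out by being locked out.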