How to allow outside access to internal pc securely

Question

pandub 0 Newbie Poster

16 Years Ago

Hi all,

I need to allow an outside service engineer connect to a machine tool (PC attached) to run diagnostics on my network.

What's the best way to allow him temperorily access to this internal pc? This will probably only happen a few times a month, so access doesn't have to be enabled permanently.

I have a checkpoint firewall and use HP procurve managed switches.
Should I be setting up a rule on the firewall or setting up a VLAN on the switch? Or some combination?

Not sure how best to approach this?

Thanks in advance,
Paul

4 Contributors
5 Replies
104 Views
5 Days Discussion Span
Latest Post 16 Years Ago Latest Post by DimaYasny

DimaYasny 180 Godmode enabled

16 Years Ago

webex or logmein

TheOgre 77 Posting Whiz

16 Years Ago

If you're using Checkpoint, create a new VPN group, add a new user to that group, and only allow access to the specific node (machine) they need access to. You can also limit the dates/times they can connect, the protocols they can use once connected. They can use SecureClient (if you have the licenses) which you can pre-configure as a distributable package for them to install. I've never had any luck using SecureRemote, but then again, I haven't tried it since around R54-NG.

I'm curious, though, as to why you'd want to restrict them access to a single machine if they're going to be running "diagnostics" on your entire network?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

humbll 0 Junior Poster in Training · Answer 1 · 2008-03-09T07:40:19+00:00

Click START---->Help----->Invite a friend (remote assistance.

Follow Instructions.

pandub 0 Newbie Poster · Answer 2 · 2008-03-14T22:50:43+00:00

Thanks for all relies.

I've checked out Logmein and also Logmein hamachi (VPN) and both seem to work fine.

TheOgre, thanks for tip..it look goods, but I'll have to read up on it.
The idea is to allow access to a laptop that contains diagnostics and move it from machine to machine.

If you're using Checkpoint, create a new VPN group, add a new user to that group, and only allow access to the specific node (machine) they need access to. You can also limit the dates/times they can connect, the protocols they can use once connected. They can use SecureClient (if you have the licenses) which you can pre-configure as a distributable package for them to install. I've never had any luck using SecureRemote, but then again, I haven't tried it since around R54-NG.
I'm curious, though, as to why you'd want to restrict them access to a single machine if they're going to be running "diagnostics" on your entire network?

DimaYasny 180 Godmode enabled Team Colleague Featured Poster · Answer 3 · 2008-03-14T23:36:12+00:00

TheOgre, not every installation of CP-NG has the VPN module in it. It's actually a very expensive module, even more expensive than the AD auth module (which can be replaced by a simple script talking to a Radius server)