Hi all,

I need to allow an outside service engineer to connect to a machine tool (PC attached) to run diagnostics on my network.

What's the best way to allow him temporary access to this internal PC? This will probably only happen a few times a month, so access doesn't have to be enabled permanently.

I have a Checkpoint firewall and use HP ProCurve managed switches.
Should I be setting up a rule on the firewall or setting up a VLAN on the switch? Or some combination?

Not sure how best to approach this?

Thanks in advance,
Paul

Click START---->Help----->Invite a friend (Remote Assistance).

Follow Instructions.

WebEx or LogMeIn

If you're using Checkpoint, create a new VPN group, add a new user to that group, and only allow access to the specific node (machine) they need access to. You can also limit the dates/times they can connect, the protocols they can use once connected. They can use SecureClient (if you have the licenses) which you can pre-configure as a distributable package for them to install. I've never had any luck using SecureRemote, but then again, I haven't tried it since around R54-NG.

I'm curious, though, as to why you'd want to restrict them access to a single machine if they're going to be running "diagnostics" on your entire network?

Thanks for all replies.

I've checked out LogMeIn and also LogMeIn Hamachi (VPN) and both seem to work fine.

TheOgre, thanks for the tip. It looks good, but I'll have to read up on it.
The idea is to allow access to a laptop that contains diagnostics and move it from machine to machine.

TheOgre, not every installation of CP-NG has the VPN module in it. It's actually a very expensive module, even more expensive than the AD auth module (which can be replaced by a simple script talking to a RADIUS server).
