Hi all,

I need to allow an outside service engineer connect to a machine tool (PC attached) to run diagnostics on my network.

What's the best way to allow him temperorily access to this internal pc? This will probably only happen a few times a month, so access doesn't have to be enabled permanently.

I have a checkpoint firewall and use HP procurve managed switches.
Should I be setting up a rule on the firewall or setting up a VLAN on the switch? Or some combination?

Not sure how best to approach this?

Thanks in advance,
Paul

Click START---->Help----->Invite a friend (remote assistance.

Follow Instructions.

webex or logmein

If you're using Checkpoint, create a new VPN group, add a new user to that group, and only allow access to the specific node (machine) they need access to. You can also limit the dates/times they can connect, the protocols they can use once connected. They can use SecureClient (if you have the licenses) which you can pre-configure as a distributable package for them to install. I've never had any luck using SecureRemote, but then again, I haven't tried it since around R54-NG.

I'm curious, though, as to why you'd want to restrict them access to a single machine if they're going to be running "diagnostics" on your entire network?

Thanks for all relies.

I've checked out Logmein and also Logmein hamachi (VPN) and both seem to work fine.

TheOgre, thanks for tip..it look goods, but I'll have to read up on it.
The idea is to allow access to a laptop that contains diagnostics and move it from machine to machine.

If you're using Checkpoint, create a new VPN group, add a new user to that group, and only allow access to the specific node (machine) they need access to. You can also limit the dates/times they can connect, the protocols they can use once connected. They can use SecureClient (if you have the licenses) which you can pre-configure as a distributable package for them to install. I've never had any luck using SecureRemote, but then again, I haven't tried it since around R54-NG.

I'm curious, though, as to why you'd want to restrict them access to a single machine if they're going to be running "diagnostics" on your entire network?

TheOgre, not every installation of CP-NG has the VPN module in it. It's actually a very expensive module, even more expensive than the AD auth module (which can be replaced by a simple script talking to a Radius server)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.