Telnet Access Permissions
Each gwuser and gwgroup defined in the gwuser database owns a set of telnet
access permissions. The set can be empty or it can contain a combination
of the permissions described below.
When a telnet request is made to the firewall and authentication is
required (see TNPROXY ), the two sets
of telnet access permissions -the set defined for the current gwuser and
the set defined for the gwgroup which the gwuser belong - are merged and
the union set is used to determine whether the connection is to be allowed
or not.
None
No telnet access permission is given to this gwuser or gwgroup.
PRO_TN
Allows telnet accesses that are initiated from a protected network
for this gwuser or gwgroup. The access will be allowed if the user
passes the gwuser password authentication. This permission and
PRO_TNSA are mutually exclusive
PRO_TNSA
Allows telnet accesses that are initiated from a protected network
for this gwuser or gwgroup. The access will be allowed only if the
user passes a strong user authentication. This permission and
PRO_TN are mutually exclusive.
UNPRO_TN
Allows telnet accesses that are initiated from an unprotected network
for this gwuser or gwgroup. The access will be allowed only if the
user passes a strong user authentication.
ADM_TN
Allows telnet accesses to login to the firewall itself. Whether
the gwuser is allowed to login to the firewall from a protected or unprotected
network is controlled by the PRO_TNSA
and the UNPRO_TN permissions.
Note that if this permission is selected, the PRO_TN
permission will automatically become PRO_TNSA
to enforce strong user authentication from either side of the firewall.