Scheduled opening/closing of ports
Hi, is there any way of only opening selected web server ports at specific times? For example, only allow FTP server access during office hours?
If nothing inbuilt, can you advise if and how one might set up Windows Scheduled Tasks for this?
Re: Scheduled opening/closing of ports
Hi,
Time based firewall rules are not available in the current version of CG (EH-1.3.6 at the time of writing). However you yourself have suggested a smart workaround based on the usage of a scheduler. My recommendation is to use an SSH client on the scheduler side to activate/deactivate required firewall rules at required times.
In order to avoid having to enter CG's admin password whenever your scheduler connects to CG, you can generate a public/private SSH key pair on the client side and import the public key into CG. You can find more information on how to import an SSH public key into CG at https://www.cacheguard.net/doc/guide/ad ... e.html#ssh.
Therefore if you have previously added a firewall rule named R1, your ssh call under a Linux system would look like this (assuming that your CG has the IP address 10.0.10.254):
Code:
ssh admin@10.0.10.254 "firewall external off R1 ; apply force ; quit"
Under Windows you can replace the ssh command by your favourite SSH client (putty?) and its appropriate options.
Best Regards,
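One way to run the scheduled call from the reply above, as an added example that is not part of the original post or CacheGuard's own code: a cron-driven script that re-applies the desired state on every run instead of toggling only at the window edges, so a missed run cannot leave the FTP rule enabled overnight. The office-hours window, the key path, the script path and the `on` keyword (assumed by symmetry with the `off` command shown in the reply) are assumptions.

```shell
#!/bin/sh
# Added example: reconcile a CacheGuard firewall rule with a time window.
# Assumptions (not from the thread): office hours, key path, the 'on' keyword.
CG_HOST="10.0.10.254"             # address used in the thread
CG_RULE="R1"                      # rule name used in the thread
CG_KEY="$HOME/.ssh/cg_scheduler"  # hypothetical dedicated private key
OPEN_FROM=800                     # assumed window: Mon-Fri 08:00-18:00
OPEN_UNTIL=1800

# desired_state DOW HHMM -> prints "on" or "off" (DOW: 1=Mon .. 7=Sun).
# [ ] compares as decimal integers, so "0900" is not read as octal.
desired_state() {
    dow=$1 hhmm=$2
    if [ "$dow" -le 5 ] && [ "$hhmm" -ge "$OPEN_FROM" ] && [ "$hhmm" -lt "$OPEN_UNTIL" ]; then
        echo on
    else
        echo off
    fi
}

# cg_command STATE RULE -> prints the remote command line, fails on bad input.
cg_command() {
    case $1 in on|off) ;; *) return 1 ;; esac
    # The rule name ends up inside a remote command: allow only [A-Za-z0-9_-].
    case $2 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    echo "firewall external $1 $2 ; apply force ; quit"
}

# apply_state: push the desired state. BatchMode makes ssh fail instead of
# prompting for a password when key authentication is not working.
apply_state() {
    state=$(desired_state "$(date +%u)" "$(date +%H%M)")
    cmd=$(cg_command "$state" "$CG_RULE") || return 2
    ssh -i "$CG_KEY" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o ConnectTimeout=10 "admin@$CG_HOST" "$cmd"
}

# Run from cron every 15 minutes, e.g. (script path is hypothetical):
#   */15 * * * * /usr/local/bin/cg-ftp-window.sh --apply || logger -t cg-ftp "rule update failed"
if [ "${1:-}" = "--apply" ]; then
    apply_state
fi
```

With `BatchMode=yes` a broken key setup shows up as a non-zero exit in the scheduler's log rather than a job hanging at a password prompt.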
Re: Scheduled opening/closing of ports
Hi
I followed the link above. After running
admin ssh key add ftp <file-server-ip> <sshkey-file-name>
I got 100%. Please note I had to change tftp to ftp. Hope that's ok?
Running
ssh admin@10.0.10.254 "firewall external off R1 ; apply force ; quit"
still prompts me for a password.
What have I missed and where can I see my public key in CG?
Re: Scheduled opening/closing of ports
Hi,
You can use the following command to see all installed public SSH keys:
Code:
admin ssh key
Did you use the apply command after having imported your public SSH key?
Best Regards,
Re: Scheduled opening/closing of ports
Thanks.
"admin ssh key" shows the key but I'm still prompted by CG for admin's password?
Re: Scheduled opening/closing of ports
Are you using RSA or DSA keys?
BR,
Re: Scheduled opening/closing of ports
RSA is fine! When you print the list of imported SSH keys with the command "admin ssh key", do you have a '[NEW]' tag for your SSH key or not?
BR,
Re: Scheduled opening/closing of ports
How did you generate your SSH keys? Can you please copy/paste the used command (if under Linux)?
Also please double check that you are trying to connect to your CG from the machine having the SSH private key associated to the imported public key.
BR,