1. Home
  2. Networking
  3. Check Point FireWall

Appendix C. 'firewall-1.conf' File for Use with OpenLDAP v1

Appendix C. firewall-1.conf File for Use with OpenLDAP v1

To use OpenLDAP v1 with FireWall-1, add the following line to your slapd.conf file:

include         /etc/openldap/firewall-1.conf

The contents of firewall-1.conf follow.

attribute       fw1auth-method                          ces
attribute       fw1auth-server                          ces
attribute       fw1pwdlastmod                           ces
attribute       fw1skey-number                          ces
attribute       fw1skey-seed                            ces
attribute       fw1skey-passwd                          ces
attribute       fw1skey-mdm                             ces
attribute       fw1expiration-date                      ces
attribute       fw1hour-range-from                      ces
attribute       fw1hour-range-to                        ces
attribute       fw1day                                  ces
attribute       fw1allowed-src                          ces
attribute       fw1allowed-dst                          ces
attribute       fw1allowed-vlan                         ces
attribute       fw1SR-keym                              ces
attribute       fw1SR-datam                             ces
attribute       fw1SR-mdm                               ces
attribute       fw1enc-fwz-expiration                   ces
attribute       fw1sr-auth-track                        ces
attribute       fw1grouptemplate                        ces
attribute       fw1ISAKMP-EncMethod                     ces
attribute       fw1ISAKMP-AuthMethods                   ces
attribute       fw1ISAKMP-HashMethods                   ces
attribute       fw1ISAKMP-Transfork                     ces
attribute       fw1ISAKMP-DataIntegrityMethod           ces
attribute       fw1ISAKMP-SharedSecret                  ces
attribute       fw1ISAKMP-DataEncMethod                 ces
attribute       fw1enc-methods                          ces


objectclass fw1template
       requires
                objectClass,
                cn
       allows
                member,
                description,
                fw1auth-method,
                fw1auth-server,
                fw1pwdlastmod,
                fw1skey-number,
                fw1skey-seed,
                fw1skey-passwd,
                fw1skey-mdm,
                fw1expiration-date,
                fw1hour-range-from,
                fw1hour-range-to,
                fw1day,
                fw1allowed-src,
                fw1allowed-dst,
                fw1allowed-vlan,
                fw1SR-keym,
                fw1SR-datam,
                fw1SR-mdm,
                fw1enc-fwz-expiration,
                fw1sr-auth-track,
                fw1grouptemplate,
                fw1ISAKMP-EncMethod,
                fw1ISAKMP-AuthMethods,
                fw1ISAKMP-HashMethods,
                fw1ISAKMP-Transform,
                fw1ISAKMP-DataIntegrityMethod,
                fw1ISAKMP-SharedSecret,
                fw1ISAKMP-DataEncMethod,
                fw1enc-methods
objectclass fw1person
       requires
                objectClass,
                cn
       allows
                description,
                fw1auth-method,
                fw1auth-server,
                fw1pwdlastmod,
                fw1skey-number,
                fw1skey-seed,
                fw1skey-passwd,
                fw1skey-mdm,
                fw1expiration-date,
                fw1hour-range-from,
                fw1hour-range-to,
                fw1day,
                fw1allowed-src,
                fw1allowed-dst,
                fw1allowed-vlan,
                fw1SR-keym,
                fw1SR-datam,
                fw1SR-mdm,
                fw1enc-fwz-expiration,
                fw1sr-auth-track,
                fw1grouptemplate,
                fw1ISAKMP-EncMethod,
                fw1ISAKMP-AuthMethods,
                fw1ISAKMP-HashMethods,
                fw1ISAKMP-Transform,
                fw1ISAKMP-DataIntegrityMethod,
                fw1ISAKMP-SharedSecret,
                fw1ISAKMP-DataEncMethod,
                fw1enc-methods


    		Frequently Asked Questions
    		Preface
    		Chapter 1. Introduction to Firewalls
    		Chapter 2. Planning Your FireWall-1 Installation
    		Chapter 3. Installing FireWall-1
    		Chapter 4. Building Your Rulebase
    		Chapter 5. Logging and Alerting
    		Chapter 6. Common Issues
    		Chapter 7. Remote Management
    		Chapter 8. User Authentication
    		Chapter 9. Content Security
    		Chapter 10. Network Address Translation
    		Chapter 11. Site-to-Site VPN
    		Chapter 12. SecuRemote and SecureClient
    		Chapter 13. High Availability
    		Chapter 14. INSPECT
    		Appendix A. Securing Your Bastion Host
    		Appendix B. Sample Acceptable Usage Policy
    		Appendix C. 'firewall-1.conf' File for Use with OpenLDAP v1
    		Appendix D. 'firewall-1.schema' File for Use with OpenLDAP v2
    		Appendix E. Performance Tuning
    		Appendix F. Sample 'defaultfilter.pf' File
    		Appendix G. Other Resources
    		Appendix H. Further Reading