Services Requiring Authentication

If you are working on a machine that is outside the firewall and you wish to use any of the services listed below to access a machine inside the firewall, you must authenticate yourself to the firewall machine and specify which service you want to use on which host. Once you have done this and have been authenticated you can connect to the host you specified and use the service you specified as if you were inside the campus. If your home computer is connected via an outside ISP, and you wish to use any of the sevices listed below, you must authenticate yourself.

Choose your service from one of the following commonly used services:

• ftp
• groupwise
  If you want to use the groupwise client, specify groupwise as the service and wisemail as the host.
• http
  If you want to go to a URL that is on a web server inside the firewall, specify http as the service and the web server as the host. If you want to go to www1, specify www1 as the host. If you want to access Internal Services from a non-Weizmann machine specify is as the host.
• http8080
  If you want to use fastproxy, specify http8080 for the service and fastproxy for the host. If you want to use the standard proxy, specify http8080 for the service and proxy1 for the host and then add another line specifying http8080 for the service and proxy2 for the host.
• https
  If you want to access a secure web server, specify https for the service and the web server as the host.
• imaps
  WICC recommends that you read your mail with a secure connection to an imap server. When you read your email with an imap server, the email messages remain on the server and are not downloaded to your local machine. When setting up a secure connection, specify imaps as the service. If you read your email using groupwise, specify wisemail as the host. If you read your email using OCS, specify email as the host.
• pops
  If you want to read your mail with a secure connection to a pop server, specify pops as the service. If you read your email using groupwise, specify wisemail as the host. If you read your email using OCS, specify email as the host.
• smtp
  If you want to send mail from your Weizmann account and you are working on a machine that is not on the Weizmann network (e.g you are connected at home via an outside service provider), you must use an SMTP mail server that has been set up specifically for this purpose. Specify smtp as the service and smtp-out as the host. Note that if you send mail using a native client (e.g groupwise) or via web access, you do not need to authenticate yourself.
• telnet
  If you want to telnet to the IBM mainframe (weizmann.weizmann.ac.il) using a 3270 emulator, specify telnet as the service you want and weizmann as the host.
  For any other machine, you need not establish a secure channel by authenticating yourself to the firewall. You can telnet directly to the machine you want and authenticate yourself to that machine.

Examples of commonly used services:

1. In order to access files on the web server that is inside the firewall (www1), you must authenticate yourself to the firewall machine and specify http as the service and www1 as the host. This is helpful if you are working from a machine that is not a Weizmann machine (e.g. your home connection is via an outside provider or you are abroad) and you would like to access files that are restricted to Weizmann employees.
2. In order to access Internal Services from a non-Weizmann machine (e.g your home connection is via an outside provider or you are abroad), authenticate yourself to the firewall machine and specify https as the service and is as the host.
3. In order use the groupwise client on a machine that is not on the Weizmann network, you must authenticate yourself to the firewall machine and specify groupwise as the service and wisemail as the host.
4. If you use the OCS mail server (i.e. your internal email address is userid@mail), and you use a mail client on a machine that is not on the Weizmann network, you must authenticate yourself to the firewall machine and specify the service imaps and the host email. In this case, you must specify an additional service, smtp and a host smtp-out.
5. If you want to upload a file to the machine kesem and you are working on a machine that is not on the Weizmann network, you must authenticate yourself to the firewall machine and specify ftp as the service and kesem as the host.
6. If you want to read journals that the Weizmann library is subscribed to and you are not working from a Weizmann machine, you must authenticate yourself to the firewall machine and specify http8080 as the service and proxy1 for the host and then add another line specifying http8080 for the service and proxy2 for the host. You must then configure your Web browser (Netscape, Internet Explorer, Lynx, etc.) so that it uses the Weizmann proxy. (Note: If you are using Mac OS X, you must configure the proxy outside of the Web browser.)
7. If you want to connect to iFolder, you must authenticate yourself to the firewall machine and specify https as the service and ifolder as the host.
8. In order to access E-tafnit from a non-Weizmann machine (e.g your home connection is via an outside provider or you are abroad), authenticate yourself to the firewall machine and specify Rdc as the service and wis-mac2term as the host.
9. If you want to connect to Netstorage, you must authenticate yourself to the firewall machine and specify http as the service and netstorage as the host.

You may also choose from these less commonly used services:

• imap
• pop
• archie
• exec *
• gopher
• http81
  If you want to access a web server that sits on port 81, specify http81 for the service and the web server as the host.
• ldap
• Rdc
  If you wany to use Microsoft Remote Desktop client, specify Rdc for the service and the machine on which the client is running as the host.
• rlogin
• ssh
• sunrpc
• Wremote
  If you want to use VNC remote control software, specify wremote for the service and the machine on which the VNC software is running as the host.
• X11

* Items marked with an * are available only if you are connecting from a Weizmann machine that sits in the DMZ. They are not available if you are connecting from a machine that is in the world-at-large.