Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] IIS Authentication (NT Challenge/Response) thru FW1

To: "'Irwan Shahrin Ismail'" <[email protected]>, "'[email protected]'" <[email protected]>
Subject: RE: [FW1] IIS Authentication (NT Challenge/Response) thru FW1
From: Dan Hitchcock <[email protected]>
Date: Wed, 27 Sep 2000 13:53:20 -0700
Sender: [email protected]

Your issue may have to do with the token-passing behavior of Internet
Explorer.  If you are using Netscape, you're out of luck; with Internet
Explorer, however, you can make some changes to improve this situation.

By default, IE will only send NTLM authentication traps to sites defined as
"local intranet" in Tools->Internet Options->Security.  This is designed to
prevent your NTLM authentication information from getting thrown at every
internet site you visit.

If your website appears at "local intranet" in the lower-right of your IE
browser, then this is not the issue.  However, if it is anything else, you
can fix the issue by adding the destination website to the "Local Intranet"
definition on the IE client.

Hope that helps...

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)The work/life solution for corporate thought leaders


-----Original Message-----
From: Irwan Shahrin Ismail [mailto:[email protected]]
Sent: Tuesday, September 26, 2000 1:17 AM
To: '[email protected]'
Subject: [FW1] IIS Authentication (NT Challenge/Response) thru FW1



I'm having trouble accessing our web servers (thru HTTP port 80) when using
NT Challenge/Response. What happens is that I would be prompted several
times
for the login before I get to see a page. However, when I enable Anonymous
access on IIS (as well as NT Challenge/Response), I only get prompted once
for
the login & password (this is partly because the default page has a few
lines
of codes to authenticate a user). The problem with this is that some HTML
files
and images (which can't include scripts to check for authentication) won't
prompt
the user(s) for login.

Why does IIS prompt me for the login several times? Is it because each
request
is seen as a separate request (as it has gone through the firewall, thus
source
address might have been translated, etc)? I've tried changing the rules to
ANY, ANY, ANY, ACCEPT, and it works! 

I've tested several times from different machines on the internal network
(which
is in the same subnet as the firewall) and they don't have any problem
accessing
this web server.

Please advice. If possible, CC your reply to [email protected].

Appreciate any help.

Thanks!


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Securemote Issue....
Next by Date: Re: [FW1] Management server connected to multiple networks?
Previous by thread: [FW1] IIS Authentication (NT Challenge/Response) thru FW1
Next by thread: [FW1] eSafe v3.0 and/or v2.1 build 101
Index(es):
- Date
- Thread