
Re: [FW1] Squid/FW1 authentication



User Authentication grants access on a per user basis. This method can be used only for "authenticated services" - TELNET, RLOGIN, FTP and HTTP and requires a separate authentication for each connection. It is secure, because the authentication is valid only for one connection, but intrusive, because each connection requires another authentication.

Firewall-1 was not developed to be a proxy server, but because of the security server concept, the functionality had to be included.  The only way I can think of to maintain

So I don't know of a way (other than spawning multiple instances of security servers) to improve performance, but the auth issue can be fixed by using

group@source     any    http    clientauth (configured for partially automatic sign on, and session timeouts specified on the limits page...)

Good Luck...

CryptoTech

"Matt M. Miller" wrote:

> Hello,
>
> Just installed squid proxy cache and I'm trying to get it working with our Checkpoint Firewall.  The plan is for users to hit the internal interface of the proxy server and then the external interface of the proxy will connect to the firewall and request the page.
>
> We want the firewall to do the authentication because this is where the user database resides.
>
> Everything works except, when browsing, the user is prompted for a password for each object instead of just one time at the beginning of the session.  This is obviously no good.
>
> I can set the clients to use the internal IP of the Firewall as their proxy, and then set the firewall to re-direct to squid. But this seems inefficient and the client's browser will sometimes create a lot of redirect notifications.  Performance also seems slower this way.
>
> Is there a way to have clients authenticate one time to the firewall and then have the proxy maintain the connection thereafter?
>
> If not, is there some way to convert a firewall user database to squid format?
>
> Thanks for the help!
>
> Matthew Miller
> Sr. WAN Engineer
> Provident Bank of Maryland
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================






 
   All contents © 2004 Network Presence, LLC. All rights reserved.