NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] External users authentication




Hi all,
I'm interested in allowing authenticated access to internal web server to external users. I have FW-1 4.1 with only 2 NICs (no DMZ).
What's the best way between:
1) Static NAT for every internal web server
2) Security Server?
I think HTTP Security Server is better but can I use it with unofficial internal networks? Until now, I wasn't able to create an HTTP Security Server. Is the following step-by-step procedure right?


I defined a Security Server in Properties:

 Logical name: freedom
 Host: <internal IP address>
 Port: 80
 Reauthentication: none
 Server for Null Request: checked

and I inserted two rules:

1)  Any - FW - Not http - Drop - Long
2)  All_Users@Any - Any - http - User Auth - Long

Group All_Users contains user x (authenticated by FW-1).

I'm able to successfully login to URL:
 http://firewall/freedom/
(where 'firewall' is the external interface of the firewall)
but I get the following:

Error
FW-1 at fw: Failed to connect to the WWW server.

Access to host 'freedom:80' from firewall console is working.
Direct/inverse DNS resolution for hostname 'freedom' is working too.

Thank you for your support and suggestions
Domenico Viggiani

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.