Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] User auth question

To: <[email protected]>
Subject: [FW1] User auth question
From: "Adams, Gavin" <[email protected]>
Date: Thu, 22 Feb 2001 14:43:52 -0400
Sender: [email protected]
Thread-index: AcCc/2aZlGy3LJfzTTGw+SBZj8ujiw==
Thread-topic: User auth question

Greetings all,

I have a SR community using digital certs (IKE) to authenticate, and the
generic* user so I don't have to create individual user accounts on the
fw. However, I now need to create a second client encrypt rule to limit
certain SR users to a subset of resources. I've attempted this by only
creating those users that I want to encrypt on a different rule. All the
regular users still match against the generic user.

However, all users, including the ones created on the fw, are triggering
on the rule that has the generic user. Here's the config:

Users:
Generic*	member of AllUsers group
x-limited	member of Limited group


Rules on the firewall:

Rule	src		dst	protocol		action
4	Limited@any	serverA	http		client encrypt
5	AllUsers@any	any	any		client encrypt

when x-limited authenticates and attempts to connect to a resource in
the encryption domain, the rule that is triggered is rule 5, not rule 4.
This even when genric* only is the only member of AllUsers.

Should this work? If not, any pointers?

Regards,

--- Gavin



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] High Port FTP
Next by Date: Re: Oggetto: Re: [FW1] Securemote: authentication downloading siteinfo
Previous by thread: Re: [FW1] port 8000 iRDMI
Next by thread: RE: [FW1] User auth question
Index(es):
- Date
- Thread