[FW1] User auth question
Greetings all,

I have a SR community using digital certs (IKE) to authenticate, and the generic* user so I don't have to create individual user accounts on the fw. However, I now need to create a second client encrypt rule to limit certain SR users to a subset of resources.

I've attempted this by only creating those users that I want to encrypt on a different rule. All the regular users still match against the generic user. However, all users, including the ones created on the fw, are triggering on the rule that has the generic user.

Here's the config:

Users:
  Generic*    member of AllUsers group
  x-limited   member of Limited group

Rules on the firewall:

  Rule  src           dst      protocol  action
  4     Limited@any   serverA  http      client encrypt
  5     AllUsers@any  any      any       client encrypt

When x-limited authenticates and attempts to connect to a resource in the encryption domain, the rule that is triggered is rule 5, not rule 4. This happens even when generic* is the only member of AllUsers.

Should this work? If not, any pointers?

Regards,
--- Gavin

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================