| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Partially Automatic Client Authentication
Help! I am using Checkpoint 2000 with SP2 on Nokia boxes. I
have been trying to get Partially Automatic authentication working
for outbound web access with no luck. I have searched the archives
of this list and found many people asking similar questions with
differing answers. Here is what I currently have
source dst svc action
------------------------------------------------------------------
users@internal any http user_authentication (any_servers).
users@internal any http client_authentication (partial_auto)
I have tried swapping the rules and adding the client_auth port (900)
to no avail. If I disable user_auth, then client auth works ok. If
I disable client_auth, then user_auth works ok. If I enable both or
have only client_auth, it doesn't work. If I type in an externa address
such as "www.yahoo.com", the web browser comes back with "Document
contains no data" and it looks like it is being redirected to the Nokia
box (so it can authenticate??).
Since this is a Nokia and voyager uses port 80 by default, I changed
voyager to use port 81. No go. I have also tried to set
automatically_open_ca_rules (true)
in objects.C (on the firewall mgmt console) to true. Still no go.
Very frustrating - I am about ready to smash everything with a large
hammer. Does anyone have this working, especially on a Nokia and if so,
could you send me the rule order and settings? Is there anything else
I should do to the Nokia (other than the obvious)? I looked at
fwauthd.conf and it looks ok. Help!
-Jon
[email protected]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
