[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Partially Automatic Client Authentication
Help! I am using Checkpoint 2000 with SP2 on Nokia boxes. I have been trying to get Partially Automatic authentication working for outbound web access with no luck. I have searched the archives of this list and found many people asking similar questions with differing answers. Here is what I currently have source dst svc action ------------------------------------------------------------------ users@internal any http user_authentication (any_servers). users@internal any http client_authentication (partial_auto) I have tried swapping the rules and adding the client_auth port (900) to no avail. If I disable user_auth, then client auth works ok. If I disable client_auth, then user_auth works ok. If I enable both or have only client_auth, it doesn't work. If I type in an externa address such as "www.yahoo.com", the web browser comes back with "Document contains no data" and it looks like it is being redirected to the Nokia box (so it can authenticate??). Since this is a Nokia and voyager uses port 80 by default, I changed voyager to use port 81. No go. I have also tried to set automatically_open_ca_rules (true) in objects.C (on the firewall mgmt console) to true. Still no go. Very frustrating - I am about ready to smash everything with a large hammer. Does anyone have this working, especially on a Nokia and if so, could you send me the rule order and settings? Is there anything else I should do to the Nokia (other than the obvious)? I looked at fwauthd.conf and it looks ok. Help! -Jon [email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|