AW: [FW1] Good question about Secure Remote and topology download
Hi back,

I do not know if this explains your problem, but Checkpoint Firewall-1 works its way through the rules sequentially, and the 1st rule that fits the circumstances is used. To me it looks as if the rule for client authentication is placed before the rules which request client encryption.

If SecuRemote is started on the client, Firewall-1 might look for a rule which requests traffic to the destination being encrypted. The Client Authentication rule does not apply. If you come in unencrypted and the client authentication rule is before the client encryption rule, this rule applies without Checkpoint looking any further through the following rules.

--Joerg

-----Original Message-----
From: Paiement, Marc
To: '[email protected]'
Sent: 01.05.01 16:56
Subject: [FW1] Good question about Secure Remote and topology download

Hi,

I'm running FW-1 4.1 SP2 on Nokia IP440. We use Secure Remote 4.1 SP3. We have users that use Secure Remote to access a server on my LAN.

My problem is that when these users try to access a server on my DMZ and my policies are set to perform a client authentication, they get a Secure Remote prompt for username and password before. If the user kills the Secure Remote client, he can access normally with a client authentication.

I believe that the cause is that the firewall object is defined in my userc.c, and when the user tries to access a server in my DMZ, the firewall sends back a user authentication to the user. If the user must authenticate to the firewall and the firewall object is listed in his userc.c, the user is going to try to perform a key exchange with the firewall before authenticating. Am I right?

How do I remove the firewall object only, or how do I fix my problem?

Thanks for trying to help me!

Marc Paiement
Network & Telecommunication Specialist

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================