
Re: [FW1] Good question about Secure Remote and topology download



Hi back,

I do not know if this explains your problem, but Checkpoint Firewall-1 works
its way through the rules sequentially, and the 1st rule that fits the
circumstances is used. To me it looks as if the rule for client
authentication is placed before the rules which request client encryption.

If SecuRemote is started on the client, Firewall-1 might look for a rule
which requests traffic to the destination being encrypted. The Client
Authentication rule does not apply.

If you come in unencrypted and the client authentication rule is before the
client encryption rule, this rule applies without Checkpoint looking any
further through the following rules.

--Joerg


-----Original Message-----
From: Paiement, Marc
To: '[email protected]'
Sent: 01.05.01 16:56
Subject: [FW1] Good question about Secure Remote and topology download


Hi,

     I'm running FW-1 4.1 SP2 on Nokia IP440. We use Secure Remote 4.1 SP3.
We have users that use Secure Remote to access servers on my LAN. My problem
is when these users are trying to access a server on my DMZ and my policies
are set to perform a client authentication, they get a Secure Remote prompt
for username and password before. If the user kills the Secure Remote client,
he can access normally with a client authentication.

     I believe that the cause is that the firewall object is defined in my
userc.c, and when the user tries to access a server in my DMZ, the firewall
sends back a user authentication to the user. If the user must authenticate
to the firewall and the firewall object is listed in his userc.c, thus the
user is going to try to perform a key exchange with the firewall before
authenticating. Am I right? How do I remove the firewall object only, or how
do I fix my problem?

Thanks for trying to help me!



Marc Paiement
Network & Telecommunication Specialist





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

