[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Authenticted HTTP problems
Hello all, We have two rules for internal users accessing sites on the Internet. The first rule allows anyone to access a limited set of sites without authenticating. These sites are for our 401-k, health care, etc. The next rule requires everyone on the inside to authenticate using User Auth to access any other site on the Internet. We are authenticating against the FW-1 user database, which has about 1100 users in it. Everything works OK until we install policy changes or some user maintenance is performed. After that users have to wait several minutes to get the authentication prompt, if they get it at all. If we kill the in.ahttpd process users will get the prompt for a while, then the delays start after 10 or 15 minutes. Stopping and starting the firewall (fwstop and fwstart) doesn't have any affect, neither does clearing the state directory. Doing an "fw ctl pstat" shows lots of free memory - above 80%. Users will start getting the prompt eventually without killing the process after 4 or 5 hours if no user maintenance or policy changes are performed. When users can't get the authentication prompt, they are still able to access the sites in the first rule that don't require authentication. Any suggestions? Thanks, Steve _______________________________________________________ Send a cool gift with your E-Card http://www.bluemountain.com/giftcenter/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|