
[FW1] Problems with user authentication



I have a weird problem with user authentication.
I'm running FW-1 4.0 on an HP-UX box, with 3 interfaces:
external, internal and DMZ.

I managed to get ACE authentication to work, but, when I try to connect
with user authentication from outside, this is what I get:

[my machine on Internet][~/tmp 1 #516 10:52]> telnet XXX.XXX.XXX.XXX
Trying...
Connected to XXX.XXX.XXX.XXX.
Escape character is '^]'.
Local flow control off
Check Point FireWall-1 authenticated Telnet server running on ita1
User: nfrances
PASSCODE: ****
User nfrances authenticated by SecurID

Connection to XXX.XXX.XXX.XXX failed
Connection closed by foreign host.

where XXX.XXX.XXX.XXX is the external address on the Internet.

Policy is set as:
first rule, <user group> <name of host, which is statically NATed> <telnet>
<user auth>
second rule, <not localent> <name of host which is statically NATed> <telnet>
<reject>

Also, if I remove user authentication and allow direct telnet to the inside,
connecting from the Internet works! But as soon as I add user authentication,
it fails.

Also, note that with this user authentication, I can connect to the Internet
from the Intranet, if I set it to be used (same user authentication), but it
doesn't work from the Internet to the Intranet.

I also tried changing the 2nd rule to allow, just to see what happens. It also
fails, although it should let me in, and here are the messages again of what
I get:

[my machine on Internet][~/tmp 1 #513 10:46]> telnet XXX.XXX.XXX.XXX
Trying...
Connected to XXX.XXX.XXX.XXX.
Escape character is '^]'.
Local flow control off
Check Point FireWall-1 authenticated Telnet server running on ita1

Connection to XXX.XXX.XXX.XXX failed
Connection closed by foreign host.

Any ideas what's happening here?




   All contents © 2004 Network Presence, LLC. All rights reserved.