[FW1] Client Auth Problems. Please HELP!!!
I am having a weird problem with FW1 client authentication. We are running a Solaris Checkpoint Firewall 4.1 SP2 on a Netra T1. We are authenticating via SecurID and client auth is set to partially automatic.

The problem arises when users are trying to log into servers running HP-UX via telnet. They are Nortel OC 48's and Nortel Access Nodes. The connections seem to be inconsistent. There is no limit as to the number of users that can log in and resources on the servers are fine. The weird thing is that some users in the same group and in the same network segment that are part of the same rule can get in while others can't.

We have tried just firewall authentication without SecurID and the problem is not resolved. They are authenticating fine and the logs show that the traffic is being allowed by the correct rule. No other equipment that is part of the same rule set is giving us problems.

What we noticed when running a snoop is that the only time it fails is when the destination servers are seeing the source of the trusted interface of the firewall instead of the IP of the client making the connection. We are not doing any NAT and cannot use user auth since we are allowing other services that are not supported.

Is there a way for the firewall to always show the source IP of the client versus the IP of its trusted interface when making a connection to the servers behind the firewall?

Any suggestions or help would be appreciated.