| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] Client Auth Problems. Please HELP!!!
I am having a wierd probelm with FW1 client authenication. We are running a
Solaris Checkpoint Firewall 4.1 SP2 on a Netra T1. We are authenicating via
SecurID and client auth is set to partially automatic. The problem arises
when users are trying to log into servers running HP-UX via telnet. They are
Nortel OC 48's and Nortel Access Nodes. The connections seem to be
inconsistent. There is no limit as to the number of users that can log in
and resources on the servers are fine. The weird thing is that some users in
the same group and in the same network segment that are part of the same
rule can get in while others can't. We have tried just firewall
authentiction without SecurID and the problem is not resolved. They are
authenticating fine and the logs show that the traffic is being allowed by
the correct rule. No other equipment that is part of the same rule set is
giving us problems. What we noticed when running a snoop is that the only
time it fails is when the destination servers are seeing the source of the
trusted interface of the firewall instead of the ip of the client making the
connection. We are not doing any NAT and can not use user auth since we are
allowing other services that are not supported. Is there a way for the
firewall to always show the source ip of the client versus the ip of its
trusted interface when making a connection to the servers behind the
firewall? Any suggestions or help would be appreciated
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
|
|
