
[FW-1] User Authentication



Hello All,

I am trying to make user authentication work for accessing a web server, but
run into problems. After three continuous authentication attempts I get the
following error:

401 Forbidden
User Authentication Required for dave
Authentication Method required for dave: FW-1 password
Reason for failure: FW-1 rule

And at the log viewer

denied by rulebase resource http://xxx.xxx.xxx.xxx:80/

On the contrary it works ok with telnet

I have found a "remedy" in the checkpoint site suggesting it was because the
default property for User Authentication HTTP servers is Predefined rather
than All Servers, but this problem occurs after I select "All Servers" as
well.

Problem Environment:
FW-1/VPN-1 4.1 SP5
NT WS 4.0 SP6a
Firewall Password authentication method ticked under the Firewall network
object Authentication Tab
All Servers ticked under user authentication properties tab
Password is correct!

Rulebase:
1.    group@any    web_server    http    UserAuth    Long
2.    Any          Any           Any     Drop        Long

The web page is a simple "Hello" so no re-authentication requests for every
gif, jpg etc. as it would be required by the nature of http protocol

I tried using it with RSA Ace Server as well and can see that the
username/passcode is accepted by the server but keep getting authentication
requests as with the fw-1 password authentication scheme

It works with Client Authentication option so my interest in this is just
for self-information.

Thanks in advance

Zach

   All contents © 2004 Network Presence, LLC. All rights reserved.