[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Firewall-1 4.1 SP6 and Websense 4.4 - User Authentication
All, The environment and background =============================================================================== I have a Client Authentication rule and a HTTP resource rule that is for Websense in the following order 10.0.0.0 ==> Any HTTP-Blocked sites Reject [email protected] ==> Any HTTP Client Auth I would like to be able to specify in Websense policies for individual users. I configured Websense to look at the same LDAP directory that the firewall module authenticates against. Within the Websense documentation, it states that Websense must do Manual Authentication if you are using an Novel LDAP directory, which I am. I Sniffed the UFP packets going to Websense and there is a user_name field that is passed to Websense. It is blank in my case. =============================================================================== My question =============================================================================== Can I add an object with resource to my websense rule even though it is before the authentication rule like so? [email protected] ==> Any HTTP-Blocked sites Reject I am hoping that this will cause the user_name field to be passed to Websense, websense would use that field and enforce a policy if one is presence for that user. This will prevent me from having to set the manual authentication on the Websense server. =============================================================================== Thanks, Brian Wert ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|