NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Firewall-1 4.1 SP6 and Websense 4.4 - User Authentication



All,

The environment and background
===============================================================================
I have a Client Authentication rule and a HTTP resource rule that is for
Websense in the following order

10.0.0.0            ==> Any   HTTP-Blocked sites   Reject
[email protected]  ==> Any    HTTP                Client Auth

I would like to be able to specify in Websense policies for individual
users.  I configured Websense to look at the same LDAP directory that the
firewall module authenticates against.
Within the Websense documentation, it states that Websense must do Manual
Authentication if you are using an Novel LDAP directory, which I am.

I Sniffed the UFP packets going to Websense and there is a user_name field
that is passed to Websense.  It is blank in my case.
===============================================================================

My question
===============================================================================
Can I add an object with resource to my websense rule even though it is
before the authentication rule like so?

[email protected]   ==> Any    HTTP-Blocked sites       Reject

I am hoping that this will cause the user_name field to be passed to
Websense, websense would use that field and enforce a policy if one is
presence for that user.
This will prevent me from having to set the manual authentication on the
Websense server.
===============================================================================

Thanks,
Brian Wert

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.