-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of [email protected]
Sent: Friday, October 04, 2002 8:23 PM
To: [email protected]
Subject: Re: [FW-1] Firewall-1 4.1 SP6 and Websense 4.4 - User Authenticat ionBrian,
There is no way that we have found to configure the FireWall to send us the user name. Even though the field may be present, it is not used in the UFP request sent to us. As recommended earlier, you're only solution at this time is to configure Websense to do the authentication, or to shift to another Websense integration partner that can provide you this facility.
Thank you.
-----Original Message-----
From: Brian Wert [mailto:[email protected]]
Sent: Friday, October 04, 2002 6:25 AM
To: [email protected]
Subject: [FW-1] Firewall-1 4.1 SP6 and Websense 4.4 - User
Authentication
All,
The environment and background
===============================================================================
I have a Client Authentication rule and a HTTP resource rule that is for
Websense in the following order10.0.0.0 ==> Any HTTP-Blocked sites Reject
[email protected] ==> Any HTTP Client AuthI would like to be able to specify in Websense policies for individual
users. I configured Websense to look at the same LDAP directory that the
firewall module authenticates against.
Within the Websense documentation, it states that Websense must do Manual
Authentication if you are using an Novel LDAP directory, which I am.I Sniffed the UFP packets going to Websense and there is a user_name field
that is passed to Websense. It is blank in my case.
===============================================================================My question
===============================================================================
Can I add an object with resource to my websense rule even though it is
before the authentication rule like so?[email protected] ==> Any HTTP-Blocked sites Reject
I am hoping that this will cause the user_name field to be passed to
Websense, websense would use that field and enforce a policy if one is
presence for that user.
This will prevent me from having to set the manual authentication on the
Websense server.
===============================================================================Thanks,
Brian Wert=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================