Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] HTTPS issue with NG FP3 user auth

To: [email protected]
Subject: Re: [FW-1] HTTPS issue with NG FP3 user auth
From: Chris Dias <[email protected]>
Date: Sat, 20 Sep 2003 09:41:24 -0700
In-reply-to: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Unfortunately, I do not have access to a Checkpoint firewall and haven't for about 2years, as a layoff in Silicon Valley hit me just after 9/11.  However, I am still in the game, reading many subjects and belonging to this club and a Cisco club, etc, moved to Hungary - learning new language, making new connections, doing odd work.  But, I try to help when I can and this problem is interesting to me, so I will help you if I can.  I will try to summarize something for you by the weekend's end.

Are you using Natting? What kind?  DNS and other services OK? Traceroute and ping working as expected?

What does your network look like? Internal web server?  Others having same problem?

It is my understanding that the object_5_c object usually isn't manually configured unless there is a very specific reason, that this problem doesn't seem to belong to.

What are your other rules related to this picture?

[email protected]> wrote:
hi chris,
No i havent tried opening all the ports..since its the
user auth i have to change un the services as <443 am
I right ? I chnaged http parameters in objects_5_0.c
ervim user auth does wirk with FP3 but only for Http
sites :(...
Please let me know if u have any tested solution..
regards
Vijay
--- Chris Dias wrote:
> Do you need to allow both ports 444 and 443 to pass
> through the fw?
> Do you need to allow ident port 113 - I don't
> believe secure applications use this port anymore -
> not sure.
> If you open the firewall wide open, what happens?
>
http://www.iss.net/security_center/advice/Exploits/Ports/default.htm
>
> This one probably doesn't apply.
>
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
>
> Curious. What parameters did you change in userc.C?
>
> Elmar van Mourik wrote:
> As far as I know user auth is NOT working with https
> in FP 3.
> For that reason I want to upgrade to AI in the near
> future.
>
> Elmar van Mourik
>
> -----Oorspronkelijk bericht-----
> Van: Vijay [mailto:[email protected]]
> Verzonden: donderdag 18 september 2003 15:16
> Aan: [email protected]
> Onderwerp: [FW-1] HTTPS issue with NG FP3 user auth
>
>
> Dear Checkpoint Gurus!!
> I have written this issue before but did not get any
> answers so thought I shall try again...I am
> Installing
> Checkpoint NG FP3 On windows 2k box.
> I am having this rule.
> Internal@user https, http User Auth.<----Rule
> Number 1
> initially user auth was not working for http but
> after
> changing 3 http parameters in object_5_0.c user
> authentication started working for HTTp sites only.
> For https sites like hotmail or for that matter
> checkpoint secure knowledge i was not able to get
> any
> page in the browser. On the firewall I am getting
> the
> accept for https requests.
> Any one has any clue? Please please reply ....badly
> require solution for this.
> Regards
> Vj
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site
> design software
> http://sitebuilder.yahoo.com
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
>
> Door de electronische verzending van het bericht
> kunnen er geen rechten
> ontleend worden aan de informatie. Als u deze e-mail
> onterecht heeft
> ontvangen, waarschuwt u dan de afzender via
> [email protected] en verwijder
> de gegevens van de computer.
>
> Zuiveringsschap Hollandse Eilanden en Waarden,
> Dordrecht
> tel: +31 (0)78 6397100
> fax: +31 (0)78 6311871
> web: http://www.zhew.nl
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
>
> Christopher J. Dias - CCSA, CCSE (Checkpoint), MCP +
> I,MCSE, (Microsoft), CCNA, CCNP (Cisco). CSE
> (Novell)
> Cím:1121 Budapest
> Fülemile út 12-18 4.ép.3/11.
> Telefon: 36 1 275-4008 Mobil:06-20/803 9687
> [email protected]
>
>
> ---------------------------------
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site
> design software
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================


Christopher J. Dias - CCSA, CCSE (Checkpoint), MCP + I,MCSE, (Microsoft),  CCNA, CCNP (Cisco). CSE (Novell)
Cím:1121 Budapest
Fülemile út 12-18 4.ép.3/11.
Telefon: 36 1 275-4008 Mobil:06-20/803 9687
[email protected]


---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] HTTPS issue with NG FP3 user auth
  - From: Vijay <[email protected]>

References:
- Re: [FW-1] HTTPS issue with NG FP3 user auth
  - From: Vijay <[email protected]>

Prev by Date: Re: [FW-1] IPSO 3.6 -> 3.7 UPgrade with NG FP3
Next by Date: Re: [FW-1] question on automatic NAT
Previous by thread: Re: [FW-1] HTTPS issue with NG FP3 user auth
Next by thread: Re: [FW-1] HTTPS issue with NG FP3 user auth
Index(es):
- Date
- Thread