[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] HTTPS issue with NG FP3 user auth
Chris , its really sad that u have lost the job , but pal it is very important that u dont lose technical touch and yes it is very correct thing u r doing by accessing the mailing lists..buddy i am sure something really good is ahead of u...Best Of luck... In user auth i dont require to NAT the Internal machines since ma firewall will start the security server which is proxy ..so i just need to mention the Ip addres of the checkpoint Internal NIC in the ie proxy settings. All the services are OK since i am able to browse the http sites without any issues. Ping and traceroute is working just fine... there are very few rules 1 . All_user @ user Any Any http https ftp accept. 2. Any SMTP_Server SMTP-->resource aceept 3. SMTP_Server Any any accept 4. Any any drop this is all about it ... regards Vijay --- Chris Dias <[email protected]> wrote: > Unfortunately, I do not have access to a Checkpoint > firewall and haven't for about 2years, as a layoff > in Silicon Valley hit me just after 9/11. However, > I am still in the game, reading many subjects and > belonging to this club and a Cisco club, etc, moved > to Hungary - learning new language, making new > connections, doing odd work. But, I try to help > when I can and this problem is interesting to me, so > I will help you if I can. I will try to summarize > something for you by the weekend's end. > > Are you using Natting? What kind? DNS and other > services OK? Traceroute and ping working as > expected? > > What does your network look like? Internal web > server? Others having same problem? > > It is my understanding that the object_5_c object > usually isn't manually configured unless there is a > very specific reason, that this problem doesn't seem > to belong to. > > What are your other rules related to this picture? > > [email protected]> wrote: > hi chris, > No i havent tried opening all the ports..since its > the > user auth i have to change un the services as <443 > am > I right ? I chnaged http parameters in objects_5_0.c > ervim user auth does wirk with FP3 but only for Http > sites :(... > Please let me know if u have any tested solution.. > regards > Vijay > --- Chris Dias wrote: > > Do you need to allow both ports 444 and 443 to > pass > > through the fw? > > Do you need to allow ident port 113 - I don't > > believe secure applications use this port anymore > - > > not sure. > > If you open the firewall wide open, what happens? > > > http://www.iss.net/security_center/advice/Exploits/Ports/default.htm > > > > This one probably doesn't apply. > > > http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp > > > > Curious. What parameters did you change in > userc.C? > > > > Elmar van Mourik wrote: > > As far as I know user auth is NOT working with > https > > in FP 3. > > For that reason I want to upgrade to AI in the > near > > future. > > > > Elmar van Mourik > > > > -----Oorspronkelijk bericht----- > > Van: Vijay [mailto:[email protected]] > > Verzonden: donderdag 18 september 2003 15:16 > > Aan: [email protected] > > Onderwerp: [FW-1] HTTPS issue with NG FP3 user > auth > > > > > > Dear Checkpoint Gurus!! > > I have written this issue before but did not get > any > > answers so thought I shall try again...I am > > Installing > > Checkpoint NG FP3 On windows 2k box. > > I am having this rule. > > Internal@user https, http User Auth.<----Rule > > Number 1 > > initially user auth was not working for http but > > after > > changing 3 http parameters in object_5_0.c user > > authentication started working for HTTp sites > only. > > For https sites like hotmail or for that matter > > checkpoint secure knowledge i was not able to get > > any > > page in the browser. On the firewall I am getting > > the > > accept for https requests. > > Any one has any clue? Please please reply > ....badly > > require solution for this. > > Regards > > Vj > > > > __________________________________ > > Do you Yahoo!? > > Yahoo! SiteBuilder - Free, easy-to-use web site > > design software > > http://sitebuilder.yahoo.com > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to > [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > > > Door de electronische verzending van het bericht > > kunnen er geen rechten > > ontleend worden aan de informatie. Als u deze > e-mail > > onterecht heeft > > ontvangen, waarschuwt u dan de afzender via > > [email protected] en verwijder > > de gegevens van de computer. > > > > Zuiveringsschap Hollandse Eilanden en Waarden, > > Dordrecht > > tel: +31 (0)78 6397100 > > fax: +31 (0)78 6311871 > > web: http://www.zhew.nl > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to > [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > > > > Christopher J. Dias - CCSA, CCSE (Checkpoint), MCP > + > > I,MCSE, (Microsoft), CCNA, CCNP (Cisco). CSE > > (Novell) > > Cím:1121 Budapest > > Fülemile út 12-18 4.ép.3/11. > > Telefon: 36 1 275-4008 Mobil:06-20/803 9687 > > [email protected] > > > > > > --------------------------------- > > Do you Yahoo!? > > Yahoo! SiteBuilder - Free, easy-to-use web site > > design software > > > > ================================================= > > To set vacation, Out-Of-Office, or away messages, > > send an email to > [email protected] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [email protected] > > ================================================= > > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site > design software > http://sitebuilder.yahoo.com > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > === message truncated === __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|