
Re: [FW-1] HTTPS issue with NG FP3 user auth



Chris,
It's really sad that you have lost the job, but pal, it
is very important that you don't lose technical touch, and
yes, it is a very correct thing you are doing by accessing
the mailing lists. Buddy, I am sure something really
good is ahead of you. Best of luck.

In user auth I don't need to NAT the internal
machines since my firewall will start the security
server, which is a proxy, so I just need to mention the
IP address of the Checkpoint internal NIC in the IE
proxy settings.

All the services are OK since I am able to browse the
http sites without any issues.
Ping and traceroute are working just fine.
There are very few rules:
1. All_user @ user   Any   Any   http https ftp   accept
2. Any   SMTP_Server   SMTP-->resource   accept
3. SMTP_Server   Any   any   accept
4. Any   any   drop
This is all about it.
regards
Vijay

--- Chris Dias <[email protected]> wrote:
> Unfortunately, I do not have access to a Checkpoint
> firewall and haven't for about 2 years, as a layoff
> in Silicon Valley hit me just after 9/11.  However,
> I am still in the game, reading many subjects and
> belonging to this club and a Cisco club, etc, moved
> to Hungary - learning new language, making new
> connections, doing odd work.  But, I try to help
> when I can and this problem is interesting to me, so
> I will help you if I can.  I will try to summarize
> something for you by the weekend's end.
>
> Are you using Natting? What kind?  DNS and other
> services OK? Traceroute and ping working as
> expected?
>
> What does your network look like? Internal web
> server?  Others having same problem?
>
> It is my understanding that the object_5_c object
> usually isn't manually configured unless there is a
> very specific reason, that this problem doesn't seem
> to belong to.
>
> What are your other rules related to this picture?
>
> [email protected]> wrote:
> Hi Chris,
> No, I haven't tried opening all the ports, since it's the
> user auth. I have to change in the services as <443, am
> I right? I changed http parameters in objects_5_0.c
> ervim user auth does work with FP3 but only for HTTP
> sites :(...
> Please let me know if you have any tested solution.
> regards
> Vijay
> --- Chris Dias wrote:
> > Do you need to allow both ports 444 and 443 to pass
> > through the fw?
> > Do you need to allow ident port 113 - I don't
> > believe secure applications use this port anymore -
> > not sure.
> > If you open the firewall wide open, what happens?
> >
> > http://www.iss.net/security_center/advice/Exploits/Ports/default.htm
> >
> > This one probably doesn't apply.
> >
> > http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
> >
> > Curious. What parameters did you change in userc.C?
> >
> > Elmar van Mourik wrote:
> > As far as I know user auth is NOT working with https
> > in FP 3.
> > For that reason I want to upgrade to AI in the near
> > future.
> >
> > Elmar van Mourik
> >
> > -----Original message-----
> > From: Vijay [mailto:[email protected]]
> > Sent: Thursday 18 September 2003 15:16
> > To: [email protected]
> > Subject: [FW-1] HTTPS issue with NG FP3 user auth
> >
> >
> > Dear Checkpoint Gurus!!
> > I have written this issue before but did not get any
> > answers so thought I shall try again... I am installing
> > Checkpoint NG FP3 on a Windows 2k box.
> > I am having this rule.
> > Internal@user https, http User Auth. <---- Rule Number 1
> > Initially user auth was not working for http, but after
> > changing 3 http parameters in object_5_0.c user
> > authentication started working for HTTP sites only.
> > For https sites like hotmail or for that matter
> > checkpoint secure knowledge I was not able to get any
> > page in the browser. On the firewall I am getting the
> > accept for https requests.
> > Any one has any clue? Please please reply .... badly
> > require solution for this.
> > Regards
> > Vj
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! SiteBuilder - Free, easy-to-use web site
> > design software
> > http://sitebuilder.yahoo.com
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
> >
> > Because this message was sent electronically, no rights
> > can be derived from the information. If you have received
> > this e-mail in error, please notify the sender via
> > [email protected] and delete the data from your computer.
> >
> > Zuiveringsschap Hollandse Eilanden en Waarden, Dordrecht
> > tel: +31 (0)78 6397100
> > fax: +31 (0)78 6311871
> > web: http://www.zhew.nl
> >
> >
> > Christopher J. Dias - CCSA, CCSE (Checkpoint), MCP + I,
> > MCSE (Microsoft), CCNA, CCNP (Cisco), CSE (Novell)
> > Address: 1121 Budapest
> > Fülemile út 12-18 4.ép.3/11.
> > Telephone: 36 1 275-4008 Mobile: 06-20/803 9687
> > [email protected]
> >
> >
>
>
=== message truncated ===





 
   All contents © 2004 Network Presence, LLC. All rights reserved.