Re: [FW-1] HTTPS issue with NG FP3 user auth



Hey,
thanks a lot for your detailed procedure.
I have tried all of them.
The only difference I see in your solution is that the firewall
is running an HTTPS server on 443. (I supposed this since you
are telling me to change the proxy settings of the
clients to the internal IP of the FW and port 443.) But my
dear friend, how many times will the user keep on changing the
port number? I mean it's not feasible. There has to be
some way by which the firewall accepts all the connections
on port 80 and then does the PAT for the internal user and
initiates another connection to "https" sites on 443. I
am just trying to understand if this is the case.
Thanks a lot. I have marked done or not done in your
solution below and still HTTPS is not working,
though I see accept on the firewall...

Regards
Vijay
--- mcabrera <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey...Vijay...!!!
>
> You are having problems with https?
> Ok, follow this resolution...
> Bye.
>
> loop
>
> ***********************************************
>
> Follow the workaround below:
>
> 1.  Stop the FireWall using the fwstop command.
> 2.  Modify the file $FWDIR/conf/fwauthd.conf.  Add the following at
> the top of the file:
>
> 443 in.ahttpd wait 0
>
> 3.  The entry should be similar to others that are already listed in
> the file. (Be aware on NT: When you open this file with edit.com from
> the command prompt, it will only recognize 8.3 file names. You can
> verify that you are in the proper file because you will see several
> lines similar to the one listed above).
> 4.  Re-start the FireWall using the fwstart command.
> 5.  Start the Policy Editor and go to Manage > Services, and edit the
> HTTPS service.
> 6.  Re-define the 'Protocol Type' as a URI.
>
> For this example, we will create 'Test' as the user and use FW
> Authentication.
>
> 7.  Ensure that the authentication method used is enabled in the
> FireWall object.
> 8.  Place the users in a group.
>
> For this example, we will use 'User_Auth_group' as the source of this
> rule.
>
> 9.  Ensure that there are no existing rules that allow HTTPS, and
> create a new rule as follows:
>
> User_Auth_Group@<any>     /     Any     /     HTTPS     /     User Auth    /     Long
>
> 10.  Edit the User Auth action of this rule and define 'All Servers'.
> 11.  Install this policy.
> 12.  Modify the Client's machine that is being Authorized for HTTPS:
> 13.  Open the browser and edit the Proxy properties to reflect a
> change for Security or HTTPS Proxy, and point it at the internal
> FireWall interface, port 443.
>
> At this point you should be able to enter an address such as
> https://www.firemail.de (or equivalent) in the browser, and a User
> Authentication box should pop up.
>
> 1.  Enter the username and the password.
> 2.  Verify that the site loads.
>
> ***********************************************
>
> - -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]] On
> behalf of Vijay
> Sent: Friday, 19 September 2003 20:44
> To: [email protected]
> Subject: Re: [FW-1] HTTPS issue with NG FP3 user auth
>
>
> Hi Chris,
> No, I haven't tried opening all the ports. Since it's the
> user auth, I have to change in the services as <443, am
> I right? I changed http parameters in objects_5_0.c.
> ervim user auth does work with FP3 but only for HTTP
> sites :(...
> Please let me know if you have any tested solution.
> Regards
> Vijay
> - --- Chris Dias <[email protected]> wrote:
> > Do you need to allow both ports 444 and 443 to pass
> > through the fw?
> > Do you need to allow ident port 113 - I don't
> > believe secure applications use this port anymore -
> > not sure.
> > If you open the firewall wide open, what happens?
> >
> > http://www.iss.net/security_center/advice/Exploits/Ports/default.htm
> >
> > This one probably doesn't apply.
> >
> > http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
> >
> > Curious.  What parameters did you change in userc.C?
> >
> > Elmar van Mourik <[email protected]> wrote:
> > As far as I know user auth is NOT working with https
> > in FP 3.
> > For that reason I want to upgrade to AI in the near
> > future.
> >
> > Elmar van Mourik
> >
> > -----Original Message-----
> > From: Vijay [mailto:[email protected]]
> > Sent: Thursday, 18 September 2003 15:16
> > To: [email protected]
> > Subject: [FW-1] HTTPS issue with NG FP3 user auth
> >
> >
> > Dear Checkpoint Gurus!!
> > I have written about this issue before but did not get any
> > answers so thought I shall try again... I am installing
> > Checkpoint NG FP3 on a Windows 2k box.
> > I have this rule:
> > Internal@user https, http User Auth.<----Rule Number 1
> > Initially user auth was not working for http, but after
> > changing 3 http parameters in object_5_0.c, user
> > authentication started working for HTTP sites only.
> > For https sites like hotmail or, for that matter,
> > Checkpoint Secure Knowledge, I was not able to get any
> > page in the browser. On the firewall I am getting the
> > accept for https requests.
> > Does anyone have any clue? Please, please reply... I badly
> > require a solution for this.
> > Regards
> > Vj
> >
> > =================================================
> > To set vacation, Out-Of-Office, or away messages,
> > send an email to
> [email protected]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [email protected]
> > =================================================
> >
> >
> > No rights can be derived from the information in this
> > message because it was sent electronically. If you have
> > received this e-mail in error, please notify the sender via
> > [email protected] and delete
> > the data from the computer.
> >
>
=== message truncated ===


   All contents © 2004 Network Presence, LLC. All rights reserved.