Re: [FW-1] HTTPS issue with NG FP3 user auth



OK, I got the point, sir.
Thanks a lot. I did everything correctly except for
the proxy settings in the browser for secure sites. I
got it; I can't believe I could miss this. Anyway,
thanks a lot, mcabrera, and please let me know if in
future you require any kind of help. I will try my level
best to help you. This is my email ID:
[email protected]
Thanks a lot.
--- mcabrera <[email protected]> wrote:
> The FW-1 acts like a Proxy, this is obvious... in each host you should
> configure the browser in a 443 port.
> But which is your doubt exactly?
>
> loop
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]] On behalf of Vijay
> Sent: Monday, 22 September 2003 11:40
> To: [email protected]
> Subject: Re: [FW-1] HTTPS issue with NG FP3 user auth
>
>
> Hey,
> thanks a lot for your detailed procedure.
> I have tried all of them.
> The only difference I see in your solution is that the firewall
> is running an HTTPS server on 443. (I supposed this since you
> are telling me to change the proxy settings of the
> clients to the internal IP of the FW and port 443.) But my
> dear friend, how many times will the user keep on changing the
> port number? I mean, it's not feasible. There has to be
> some way by which the firewall accepts all the connections
> on port 80 and then does the PAT for the internal user and
> initiates another connection to "https" sites on 443. I
> am just trying to understand if this is the case.
> Thanks a lot. I have marked done or not done in your
> solution below and still HTTPS is not working,
> though I see accept on the firewall...
>
> Regards
> Vijay
> --- mcabrera <[email protected]> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hey...Vijay...!!!
> >
> > You are having problems with https?
> > Ok, follow this resolution...
> > Bye.
> >
> > loop
> >
> > ***********************************************
> >
> > Follow the workaround below:
> >
> > 1.  Stop the FireWall using the fwstop command.
> > 2.  Modify the file $FWDIR/conf/fwauthd.conf.  Add the following at
> > the top of the file:
> >
> > 443 in.ahttpd wait 0
> >
> > 3.  The entry should be similar to others that are already listed in
> > the file. (Be aware on NT: When you open this file with edit.com from
> > the command prompt, it will only recognize 8.3 file names. You can
> > verify that you are in the proper file because you will see several
> > lines similar to the one listed above).
> > 4.  Re-start the FireWall using the fwstart command.
> > 5.  Start the Policy Editor and go to Manage > Services, and edit the
> > HTTPS service.
> > 6.  Re-define the 'Protocol Type' as a URI.
> >
> > For this example, we will create 'Test' as the user and use FW
> > Authentication.
> >
> > 7.  Ensure that the authentication method used is enabled in the
> > FireWall object.
> > 8.  Place the users in a group.
> >
> > For this example, we will use 'User_Auth_group' as the source of this
> > rule.
> >
> > 9.  Ensure that there are no existing rules that allow HTTPS, and
> > create a new rule as follows:
> >
> > User_Auth_Group@<any>  /  Any  /  HTTPS  /  User Auth  /  Long
> >
> > 10.  Edit the User Auth action of this rule and define 'All Servers'.
> > 11.  Install this policy.
> > 12.  Modify the Client's machine that is being Authorized for HTTPS:
> > 13.  Open the browser and edit the Proxy properties to reflect a
> > change for Security or HTTPS Proxy, and point it at the internal
> > FireWall interface, port 443.
> >
> > At this point you should be able to enter an address such as
> > https://www.firemail.de (or equivalent) in the browser, and a User
> > Authentication box should pop up.
> >
> > 1.  Enter Username and the password.
> > 2.  Verify that the site loads.
> >
> > **********************************************************************
> >
> > - -----Original Message-----
> > From: Mailing list for discussion of Firewall-1
> > [mailto:[email protected]] On behalf of Vijay
> > Sent: Friday, 19 September 2003 20:44
> > To: [email protected]
> > Subject: Re: [FW-1] HTTPS issue with NG FP3 user auth
> >
> > Hi Chris,
> > No, I haven't tried opening all the ports. Since it's the
> > user auth, I have to change in the services as <443,
> > am I right? I changed http parameters in objects_5_0.c
> > ervim user auth does work with FP3 but only for Http
> > sites :(...
> > Please let me know if you have any tested solution.
> > Regards
> > Vijay
> > - --- Chris Dias <[email protected]> wrote:
> > > Do you need to allow both ports 444 and 443 to pass
> > > through the fw?
> > > Do you need to allow ident port 113 - I don't
> > > believe secure applications use this port anymore -
> > > not sure.
> > > If you open the firewall wide open, what happens?
> > >
> > > http://www.iss.net/security_center/advice/Exploits/Ports/default.htm
> > >
> > > This one probably doesn't apply.
> > >
> > > http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp
> > >
> > > Curious.  What parameters did you change in userc.C?
> > >
> > > Elmar van Mourik <[email protected]> wrote:
> > > As far as I know user auth is NOT working with https
> > > in FP 3.
> > > For that reason I want to upgrade to AI in the near
> > > future.
> > >
> > > Elmar van Mourik
> > >
> > > -----Original Message-----
> > > From: Vijay [mailto:[email protected]]
> > > Sent: Thursday, 18 September 2003 15:16
> > > To: [email protected]
> > > Subject: [FW-1] HTTPS issue with NG FP3 user
>
=== message truncated ===
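
A check for step 2 of the quoted workaround, as an added example that is not part of the original thread or of Check Point's tooling: it reads an fwauthd.conf-style file and reports whether a port is bound to in.ahttpd. It assumes only the entry shape shown in the thread (port first, daemon name later on the line) and that lines starting with `#` are disabled; the function name and the sample file are constructed.

```sh
#!/bin/sh
# Added example: check that an fwauthd.conf-style file binds a port to the
# HTTP security server (in.ahttpd), as step 2 of the quoted workaround asks.
# Assumptions: entries look like the line in the thread ("443 in.ahttpd wait 0"),
# i.e. port first and daemon name later on the line; lines starting with '#'
# are treated as disabled.

# check_ahttpd_port FILE PORT -> prints a status word and returns
#   0 ok          PORT is bound to in.ahttpd
#   1 missing     no active entry for PORT
#   2 conflict    PORT has an entry, but not for in.ahttpd
#   3 unreadable  FILE cannot be read
check_ahttpd_port() {
    file=$1
    port=$2
    [ -r "$file" ] || { echo unreadable; return 3; }
    awk -v port="$port" '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        $1 == port {
            seen = 1
            for (i = 2; i <= NF; i++) if ($i == "in.ahttpd") ok = 1
        }
        END {
            if (ok)   { print "ok";       exit 0 }
            if (seen) { print "conflict"; exit 2 }
            print "missing"; exit 1
        }' "$file"
}

# With FILE and PORT arguments, check that file; otherwise run on a
# constructed sample (not taken from a real gateway).
if [ $# -eq 2 ]; then
    check_ahttpd_port "$1" "$2"
else
    sample=$(mktemp)
    printf '%s\n' '#80 in.ahttpd wait 0' '443 in.ahttpd wait 0' \
        '21 in.aftpd wait 0' > "$sample"
    for p in 443 80 21; do
        printf '%s: ' "$p"
        check_ahttpd_port "$sample" "$p" || true
    done
    rm -f "$sample"
fi
```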

