[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] HTTPS issue with NG FP3 user auth
well, the solution goes here loop ******************************************************************* Solution: In order to enable browsing websites using HTTPS with User Authentication, proceed with the following: On the firewall module ====================== 1. Issue cpstop 2. Make a complete backup of the $FWDIR/conf/fwauthd.conf file 3. Open the $FWDIR/conf/fwauthd.conf file with a text editor 4. Add the following entry to the fwauthd.conf file, using the same syntax and spacing as the other entries in the file: 443 fwssd in.ahttpd wait 0 6. Save the $FWDIR/conf/fwauthd.conf file 7. Issue cpstart On the management module ======================== 1. Close all GUI clients 2. Issue the dbedit command 3. Hit the enter key when asked to enter the server name 4. Enter the firewall administrator name 5. Enter the firewall administrator password 6. Enter the following series of commands: modify properties firewall_properties http_connection_method_proxy true modify properties firewall_properties http_connection_method_transparent true modify properties firewall_properties http_connection_method_tunneling true update properties firewall_properties quit 7. Open the Policy Editor 8. Select Manage > Services 9. In the Services dialog box, select https from the services list 10. Click on Edit 11. In the TCP Service Properties dialog box, click on Advanced in the General tab 12. In the Advanced TCP Service Properties dialog box, set the Protocol Type drop down list to HTTP 13. Check the Enable TCP resource check box 14. Click on OK in the Advanced TCP Service Properties dialog box 15. Click on OK in the TCP Service Properties dialog box 16. Click on Close in the Services dialog box 17. Create the following User Authentication rule in the rulebase (internal_net represents the internal network in the following sample rule): SOURCE: All Users@internal_net DESTINATION: Any SERVICE: https ACTION: User Auth TRACK: Log INSTALL ON: Policy Targets 18. Right click on the User Auth icon under the ACTION column and select Edit properties 19. In the User Authentication Action Properties dialog box, select the All servers radio button in the HTTP section of the General tab 20. Click on OK in the User Authentication Action Properties dialog box 21. Install the security policy **************************************************************************** *************** Saludos, Mateo Cabrera - Technical Support EASYNET S.R.L. Network Security Solutions Edificio Torre El Gaucho Constituyente 1467 of. 802 Tel/Fax: (598 2) 4004378 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|