
Re: [FW-1] HTTPS issue with NG FP3 user auth



well, the solution goes here

loop

*******************************************************************

Solution:
In order to enable browsing websites using HTTPS with User Authentication,
proceed with the following:

On the firewall module
======================

1. Issue cpstop

2. Make a complete backup of the $FWDIR/conf/fwauthd.conf file

3. Open the $FWDIR/conf/fwauthd.conf file with a text editor

4. Add the following entry to the fwauthd.conf file, using the same syntax
and spacing as the other entries in the file:

443 fwssd in.ahttpd wait 0

6. Save the $FWDIR/conf/fwauthd.conf file

7. Issue cpstart

On the management module
========================
1. Close all GUI clients

2. Issue the dbedit command

3. Hit the enter key when asked to enter the server name

4. Enter the firewall administrator name

5. Enter the firewall administrator password

6. Enter the following series of commands:

modify properties firewall_properties http_connection_method_proxy true
modify properties firewall_properties http_connection_method_transparent true
modify properties firewall_properties http_connection_method_tunneling true
update properties firewall_properties
quit


7. Open the Policy Editor

8. Select Manage > Services

9. In the Services dialog box, select https from the services list

10. Click on Edit

11. In the TCP Service Properties dialog box, click on Advanced in the
General tab

12. In the Advanced TCP Service Properties dialog box, set the Protocol Type
drop down list to HTTP

13. Check the Enable TCP resource check box

14. Click on OK in the Advanced TCP Service Properties dialog box

15. Click on OK in the TCP Service Properties dialog box

16. Click on Close in the Services dialog box

17. Create the following User Authentication rule in the rulebase
(internal_net represents the internal network in the following sample rule):

SOURCE: All Users@internal_net
DESTINATION: Any
SERVICE: https
ACTION: User Auth
TRACK: Log
INSTALL ON: Policy Targets

18. Right click on the User Auth icon under the ACTION column and select
Edit properties

19. In the User Authentication Action Properties dialog box, select the All
servers radio button in the HTTP section of the General tab

20. Click on OK in the User Authentication Action Properties dialog box

21. Install the security policy

*******************************************************************

Regards,

Mateo Cabrera - Technical Support
EASYNET S.R.L.
Network Security Solutions
Edificio Torre El Gaucho
Constituyente 1467 of. 802
Tel/Fax: (598 2) 4004378
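
The firewall-module backup and edit steps from the message above, as an added shell example that is not part of the original post and is not Check Point tooling. The function names are hypothetical, and it assumes fwauthd.conf entries are whitespace-separated with the port in the first field, as in the entry quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original message): backup + idempotent append
# of the port-443 entry. Run it between cpstop and cpstart.
# Usage: add_https_authd "$FWDIR/conf/fwauthd.conf"
# Prints "added" or "present" and returns 0; returns 1 on error and
# 3 if port 443 is already bound to a different entry (file untouched).

ENTRY="443 fwssd in.ahttpd wait 0"   # fields exactly as given in the message

# Print the existing port-443 entry, whitespace-normalised (empty if none).
current_443() {
    awk '$1 == "443" { $1 = $1; print; exit }' "$1"
}

add_https_authd() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    existing=$(current_443 "$conf")
    if [ "$existing" = "$ENTRY" ]; then
        echo present; return 0
    elif [ -n "$existing" ]; then
        echo "port 443 already configured as: $existing" >&2
        return 3
    fi

    # Complete backup before the file is modified.
    cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)" || return 1

    # Match the file's spacing: tabs if existing entries use them, else spaces.
    tab=$(printf '\t')
    if grep -v '^[[:space:]]*#' "$conf" | grep -q "$tab"; then sep=$tab; else sep=' '; fi

    # Do not glue the new entry onto an unterminated last line.
    if [ -n "$(tail -c 1 "$conf")" ]; then echo >> "$conf"; fi

    printf '%s\n' "$ENTRY" | awk -v OFS="$sep" '{ $1 = $1; print }' >> "$conf"

    # Verify the result before the services are restarted.
    [ "$(current_443 "$conf")" = "$ENTRY" ] || return 1
    echo added
}
```

A return code of 3 means another entry already claims port 443; resolve that by hand against the backup rather than appending a second line.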




 
   All contents © 2004 Network Presence, LLC. All rights reserved.