[FW-1] Possible bug in Agent Automatic Client Authentication on NG FP3 HF2?

Hi

We have an interesting scenario where we have upgraded a 4.1 SP5 machine,
running on Windows NT4 to NG FP3 HF2 on Windows 2000 server.

The configuration has a rule which uses Agent Automatic Client
Authentication, using the standard (NG) Session agent. When a user
authenticates (using RSA keyfobs), they authenticate OK, and this is logged
by the firewall, but the session authentication applet sticks on the user's
screen and does not clear down to the task bar as it used to. This makes the
end users think that they have not authenticated and they keep trying.

Two interesting log entries appear in the firewall log:

RPC_PROG0: Connection to session agent failed
Drop under rule 0 regarding local address spoofing.

No anti-spoofing is configured, not under the firewall's network object, not
under SmartDefense, not anywhere. But the really interesting thing is that
if I change the rule to a Session Authenticate action, the applet clears
down OK with no other change of rule base at all. Surely if the problem was
anti-spoofing (which is not enabled) then it would still not work.

I have run a packet sniffer, and it appears that the final 320 OK message is
not getting sent if the rule is configured to use Agent Automatic Client
Authentication, but is getting sent back if exactly the same rule is changed
to session authentication. Incidentally, this rule worked fine under 4.1
configured both ways.

I have gone through the entire Check Point SecureKnowledge, and nothing even
describes this issue.

Any and all ideas greatly appreciated.

Regards

Dave Wray
Sec-tec Ltd
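Not part of the original post: an added Python triage helper that correlates the two log entries quoted above with a preceding successful authentication from the same source address, so an administrator can list which clients are stuck in this state rather than grepping for each message separately. The key=value log layout, the field names and the sample lines are constructed assumptions for the example, not Check Point's actual log export format.

```python
import re
from collections import defaultdict

# Constructed sample log in a simplified key=value layout (an assumption;
# real Check Point exports use different field names and ordering).
SAMPLE_LOG = """\
time=10:01:02 src=10.1.2.3 action=authenticate user=dwray info="authenticated"
time=10:01:03 src=10.1.2.3 action=drop rule=0 info="RPC_PROG0: Connection to session agent failed"
time=10:01:03 src=10.1.2.3 action=drop rule=0 info="Drop under rule 0 regarding local address spoofing."
time=10:05:10 src=10.1.2.9 action=authenticate user=jdoe info="authenticated"
time=10:05:11 src=10.1.2.9 action=accept rule=5 info="session agent ok"
"""

# The two messages the post reports; matched as substrings of the info field.
AGENT_FAIL = "Connection to session agent failed"
SPOOF_DROP = "regarding local address spoofing"


def parse_line(line):
    """Split one key=value line into a dict; quoted values keep their spaces."""
    fields = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
    return {k: v.strip('"') for k, v in fields}


def find_stuck_sessions(log_text):
    """Return {src: user} for clients that authenticated successfully but whose
    session-agent connection then failed and was dropped under rule 0."""
    state = defaultdict(lambda: {"user": None, "agent_fail": False, "spoof_drop": False})
    for line in log_text.splitlines():
        f = parse_line(line)
        if "src" not in f:
            continue
        s = state[f["src"]]
        info = f.get("info", "")
        if f.get("action") == "authenticate" and "authenticated" in info:
            s["user"] = f.get("user")
        elif AGENT_FAIL in info:
            s["agent_fail"] = True
        elif SPOOF_DROP in info:
            s["spoof_drop"] = True
    # Only report sources showing the full symptom sequence from the post.
    return {src: s["user"] for src, s in state.items()
            if s["user"] and s["agent_fail"] and s["spoof_drop"]}


if __name__ == "__main__":
    for src, user in find_stuck_sessions(SAMPLE_LOG).items():
        print(f"{src}: user {user} authenticated but session agent callback was dropped")
```

Running it against the sample flags 10.1.2.3 (user dwray) and not 10.1.2.9, whose agent connection succeeded.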

   All contents © 2004 Network Presence, LLC. All rights reserved.