NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Squirrelmail Issues/CP NG + AI



Realizing this is the Checkpoint List, I figured I would take a shot.  I
have posted to the squirrelmail list, and got suggestions, but no real
answer.

Firewall: NG + AI on Secure Platform
Webmail: Squirrelmail 1.4.1 on Redhat 8.0, httpd-2.0.40-11.5,
php-4.2.2-8.0.8

The Webmail piece hooks into a mail server on another box, running Redhat
8.0, Postfix and Courier IMAP.

I have about 20 + users who come in through the firewall that consistently
get booted out of squirrelmail when replying or trying to forward a message.
The webmail piece uses user authentication.  The webmail box uses static NAT
as well.  A user authenticates through the firewall, then authenticates on
the mail server.  I experience no errors with the login process, mail
retrieval, or use of the many plug-ins I have set up.  But when these users
try to reply or forward, the session dies, and they get an error message
saying FW1 : access denied.  A look at my logs shows no drops or rejects,
just the successful authentication of the user as they came through the
firewall originally.  I made sure all timeouts, the user, session,
squirrelmail timeouts as well as my AI settings work.  Nothing seems to
interferes there nor do the logs indicate so.  Checking my AI drop doesn't
indicate the drops can be linked to my problem.  DNS resolution seems to be
fine throughout.


I have discovered all the users use some form of IE 6, whether it be release
or SP1 + hotfixes.  Those on 5 or 5.5 are OK.  Also, other browser users,
Opera, Netscape, Mozilla, etc. are fine.  My guess it is the way IE 6
renders frames and sessions and sometimes gets boxed up and the session
dies.  So, even though I think it's the browser, I am curious if other
Checkpoint users have seen this behavior.  On the squirrelmail list,
responses to this problem are usually met with, it's a browser issue.  If I
controlled all my users computers, I could say, don't use IE 6.
Unfortuneatley, these are users are at different physical locations, some
miltary bases where I cannot dictate software installation/removal.  With
the increased use of windows update, IE 6 as a critical update, IE 6 is more
or less ubitiquous on the windows platform.

So, if anybody has suggestions, great.  If not, thanks for reading.

Regards,
Scott

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.