[FW-1] https, SSL, http Security server and NG FP3 internal CA
Hello all,

I am not sure if this is possible or if I am going about this the wrong way.

Scenario: I have an https box in the DMZ which I do not want to be directly accessible to external users by doing a static NAT. I would like to utilize the http security servers and have the external users use https://<FW-1>/<logical>

When the users access this site, I would like the firewall to do a User Auth (as certain users are not allowed to access during certain hours). I would also like to use the FW-1 internal Certificate Authority for SSL.

I have followed the Checkpoint docs starting from page 109.."Support for https - Controlling External Access to Internal https" section. But unfortunately this doesn't seem to work.

I have changed prompt_for_destination to true with dbedit. I have also changed the User Auth properties, in the rule, to Predefined servers. I have also changed the https service properties -> Advanced and selected HTTP and checked the TCP resources.

The rule is:

    Source:     Any
    Dest:       DMZ-Net, FW-1
    IF VIA:     Any
    Service:    https
    Action:     User Auth
    Track:      Log
    Install On: Policy Targets

From the reading I have been doing, it seems like I cannot use Checkpoint's internal CA to establish SSL communication to the firewall.

Any suggestion(s) and help will be greatly appreciated.

Thank you in advance.

---------------------------
Mayooran Pooranachandran
Director, Network Services
Danier Leather Inc.