
[FW-1] https, SSL, http Security server and NG FP3 internal CA



Hello all,



I am not sure if this is possible or if I am going about this the wrong way.



Scenario:



I have an https box in the DMZ which I do not want to make directly
accessible to external users by doing a static NAT.  I would like to utilize
the http security servers and have the external users use
https://<FW-1>/<logical>.  When the users access this
site, I would like the firewall to do a User Auth (as certain users are not
allowed to access during certain hours).  I would also like to use FW-1
internal Certificate Authority for SSL.



I have followed the Checkpoint docs starting from page 109, the "Support for
https - Controlling External Access to Internal https" section.  But
unfortunately this doesn't seem to work.  I have changed
prompt_for_destination to true with dbedit.  I have also changed the User
auth properties, in the rule, to Predefined servers.  I have also changed
the https service properties -> Advanced and selected HTTP and checked the TCP
resources.



The rule is:



Source: Any
Dest: DMZ-Net, FW-1
IF VIA: Any
Service: https
Action: User Auth
Track: Log
Install On: Policy Targets



From the reading I have been doing, it seems like I cannot use
Checkpoint's internal CA to establish ssl communication to the firewall.



Any suggestion(s) and help will be greatly appreciated.



Thank you in advance.





---------------------------
Mayooran Pooranachandran
Director, Network Services
Danier Leather Inc.




   All contents © 2004 Network Presence, LLC. All rights reserved.