[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Firewall-1 4.0 and Implicit Authentication

To: "'jake.rog@ttcmail.com'" <jake.rog@ttcmail.com>, FW1 Mailing List <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: RE: [FW1] Firewall-1 4.0 and Implicit Authentication
From: "Pavlichek, Doris (GEIS, GE Capital Consulting)" <Doris.Pavlichek@geis.ge.com>
Date: Mon, 26 Apr 1999 15:31:23 -0400


PhoneBoy - correct me if I am wrong, but it looks like the two rules Jake
has listed here are flipped....
 
First rule should be 
All@any	any	http	ClientAuth	Long	GW

THEN...
All@any	any	http	UserAuth	Long	GW
 
In this manner, the first session bypasses Client Auth because the user
isn't yet authenticated, and hits User Auth.  User logs in, next URL goes
through Client Auth and user isn't stopped for login.
 
Like I said, correct that if it's wrong...DP

> -----Original Message-----
> From:	Jake Rog [SMTP:jake.rog@ttcmail.com]
> Sent:	Sunday, April 25, 1999 4:55 PM
> To:	FW1 Mailing List
> Subject:	[FW1] Firewall-1 4.0 and Implicit Authentication
> 
> 
> I was trying to implement the User Authentication with FW1 and being able
> to
> supply the Username/Password only ones and not have to supply it for every
> new URL.  I have found the article on PhoneBoy that described the way to
> accomplish this.  The article was written for FW1 v3.0, so I don't really
> know whether it applies to v4.0
> 
> 
> When using the Implicit Authentication with the following rules, after the
> User is first asked to supply the Username/Password to access the specific
> website it should NOT ask for the credentials again, however it still
> DOES!
> 
> All@any     any     http     UserAuth     Long     GW
> All@any     any     http     ClientAuth   Long     GW
> 
> I have enabled the "automatically_open_ca_rules from (false) to (true) in
> OBJECTS.C
> UserAuth IS configured for "All Servers"
> ClientAuth IS configured for "Standard/Manual/Log".
> 
> How else can I accomplish this?
> 
> Thank you very much.
> 
> 
> 
> ==========================================================================
> ======
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Unexplained log entries
Next by Date: [FW1] Save log files as text file
Prev by thread: [FW1] Firewall-1 4.0 and Implicit Authentication
Next by thread: RE: [FW1] Firewall-1 4.0 and Implicit Authentication
Index(es):
- Date
- Thread