[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Firewall-1 4.0 and Implicit Authentication

To: FW1 Mailing List <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: RE: [FW1] Firewall-1 4.0 and Implicit Authentication
From: Jake Rog <jake.rog@ttcmail.com>
Date: Tue, 27 Apr 1999 06:54:48 -0400

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thank you. I have tried to reverse the order:

All@any     any     http     ClientAuth   Long     GW
All@any     any     http     UserAuth     Long     GW

No luck, the client is still being asked to authenticate on every request,
just like the ClientAuth Rule is NOT working?  I have also tried the
ImplicitAuth with SessionAuth with the same result. Back in the same court.
What else I can check for?

Any ideas?


> -----Original Message-----
> From: Dameon D. Welch [mailto:dwelch@hotmail.com]
> Sent: Tuesday, April 27, 1999 3:14 AM
> To: Pavlichek, Doris (GEIS, GE Capital Consulting);
> jake.rog@ttcmail.com; FW1 Mailing List
> Subject: Re: [FW1] Firewall-1 4.0 and Implicit Authentication
>
>
> > PhoneBoy - correct me if I am wrong, but it looks like the two
> rules Jake
> > has listed here are flipped....
>
> You are correct, sir.
>
> Order of rules is very important with implicit client auth.
>
> -- PhoneBoy
>
>
>
>
>
>
> -----Original Message-----
> From:	Jake Rog [SMTP:jake.rog@ttcmail.com]
> Sent:	Sunday, April 25, 1999 4:55 PM
> To:	FW1 Mailing List
> Subject:	[FW1] Firewall-1 4.0 and Implicit Authentication
>
>
> I was trying to implement the User Authentication with FW1 and being able
> to
> supply the Username/Password only ones and not have to supply it for every
> new URL.  I have found the article on PhoneBoy that described the way to
> accomplish this.  The article was written for FW1 v3.0, so I don't really
> know whether it applies to v4.0
>
>
> When using the Implicit Authentication with the following rules, after the
> User is first asked to supply the Username/Password to access the specific
> website it should NOT ask for the credentials again, however it still
> DOES!
>
> All@any     any     http     UserAuth     Long     GW
> All@any     any     http     ClientAuth   Long     GW
>
> I have enabled the "automatically_open_ca_rules from (false) to (true) in
> OBJECTS.C
> UserAuth IS configured for "All Servers"
> ClientAuth IS configured for "Standard/Manual/Log".
>
> How else can I accomplish this?
>
> Thank you very much.

    [ Part 2, Application/MS-TNEF  1.6KB. ]
    [ Unable to print this part. ]

Prev by Date: [FW1] Armoring NT completed
Next by Date: [FW1] Help! Lots of RST entries!
Prev by thread: RE: [FW1] Firewall-1 4.0 and Implicit Authentication
Next by thread: Re: [FW1] Firewall-1 4.0 and Implicit Authentication
Index(es):
- Date
- Thread