[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Firewall-1 4.0 and Implicit Authentication

To: FW1 Mailing List <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: RE: [FW1] Firewall-1 4.0 and Implicit Authentication
From: Steve Ribble <steverib@fyiowa.com>
Date: Wed, 28 Apr 1999 08:54:13 -0500


I have tried a similar setup again today without success, since
upgrading to version 4.0.

5	test@any	any	ftp	ClientAuth	Long	GW
6	test@any	any	http	UserAuth	Long	GW
7	any		any	any	Drop		Long	GW

After firing up a browser I get the authentication window and am
accepted by rule 6. I then fire up my WS_FTP client without any firewall
information. That connection is rejected by rule 7. If I add the
firewall information (remoteid@FW1id@remotehost) I am accepted by rule
5.

This rulebase worked fine in 3.0b.

This tells me 2 things, FW1 does see rule 5, Implicit Authentication
DOES NOT WORK on FW1 4.0.

> -----Original Message-----
> From: Dameon D. Welch [mailto:dwelch@hotmail.com]
> Sent: Tuesday, April 27, 1999 7:31 PM
> To: jake.rog@ttcmail.com; FW1 Mailing List
> Subject: Re: [FW1] Firewall-1 4.0 and Implicit Authentication
> 
> 
> 
> I have a feeling it's because your client auth properties are not set
> correctly. Check to see that the timeout is set adequately 
> and that the
> number of connections allowed is "infinite" (or a really high number).
> 
> -- PhoneBoy
> 
> > Thank you. I have tried to reverse the order:
> >
> > All@any     any     http     ClientAuth   Long     GW
> > All@any     any     http     UserAuth     Long     GW
> >
> > No luck, the client is still being asked to authenticate on 
> every request,
> > just like the ClientAuth Rule is NOT working?  I have also tried the
> > ImplicitAuth with SessionAuth with the same result. Back in the same
> court.
> > What else I can check for?
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] FW upgrade
Next by Date: [FW1] 1. FW Welcome message and 2. WebSENSE
Prev by thread: RE: [FW1] Firewall-1 4.0 and Implicit Authentication
Next by thread: Re: [FW1] Firewall-1 4.0 and Implicit Authentication
Index(es):
- Date
- Thread