
RE: [FW1] Firewall-1 4.0 and Implicit Authentication




In order to achieve that you have to use the FW1 as a WEB proxy and point
the Web Browser to the Firewall IP address.  I would think that this would
be a great security risk to allow people to send ANY packets to the Firewall
directly.

Usually I would have the rule that says:

Source   Dest   Service   Action   Track   Install On
ANY      FW     ANY       DROP     Long    GW

Any thoughts???

P.S.  Also, which IP address do you use as a Proxy Internal/External???

> -----Original Message-----
> From: Jason_T_Findley@pgatourhq.com
> [mailto:Jason_T_Findley@pgatourhq.com]
> Sent: Wednesday, April 28, 1999 9:11 AM
> To: FW1 Mailing List
> Subject: RE: [FW1] Firewall-1 4.0 and Implicit Authentication
>
> Correct me if I'm wrong, but doesn't ver 4.0 get rid of the need to use
> implicit client auth? I have tested user auth for http with ver 4 and it
> only prompted me for a password once, no matter how many sites I went to.
> Am I missing something?
>
> "Woods, Chris" <Chris-Woods@forum-financial.com> on 04/28/99 09:07:25 AM
>
>
>
>  To:      FW1 Mailing List
>           <fw-1-mailinglist@lists.us.checkpoint.com>
>
>  cc:      (bcc: Jason T Findley/PGA TOUR)
>
>
>
>  Subject: RE: [FW1] Firewall-1 4.0 and Implicit
>           Authentication
>
> Forgive me, but where would I find this?  Is it a setting in objects.c or is
> it accessible via the GUI?  (FYI, I am using NT)
>
> I found the user auth timeout, but I couldn't find where to set the number
> of connections.
>
> I tried the same thing the other gentleman tested and experienced the same
> behaviour on NT 4.0 FW-1 4.0 where the user auth would keep coming up and
> keep coming up and keep coming up and keep coming up and, well, maybe you
> get the idea. ;)
>
> -----Original Message-----
> From: Dameon D. Welch [mailto:dwelch@hotmail.com]
> Sent: Tuesday, April 27, 1999 8:31 PM
> To: jake.rog@ttcmail.com; FW1 Mailing List
> Subject: Re: [FW1] Firewall-1 4.0 and Implicit Authentication
>
>
>
> I have a feeling it's because your client auth properties are not set
> correctly. Check to see that the timeout is set adequately and that the
> number of connections allowed is "infinite" (or a really high number).
>
> -- PhoneBoy
>
> > Thank you. I have tried to reverse the order:
> >
> > All@any     any     http     ClientAuth   Long     GW
> > All@any     any     http     UserAuth     Long     GW
> >
> > No luck, the client is still being asked to authenticate on every request,
> > just like the ClientAuth Rule is NOT working?  I have also tried the
> > ImplicitAuth with SessionAuth with the same result. Back in the same court.
> > What else can I check for?
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
