[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW1] HTTPS Security Server Problem

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] HTTPS Security Server Problem
From: "Ernesto Franco (Red Colombia)" <efranco@redcolombia.com.co>
Date: Wed, 30 Jun 1999 14:24:58 -0500
    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set. Some ]
    [ characters may be displayed incorrectly. ]


Hi, I´m working with FW-1 4.0 SP4 over NT 4.0 Box, and I configured HTTPS
Publishing through HTTPS Security Server as says AA Manual.

All works fine, except that some requests are too slow and randomly some
objects (by example, JavaScripts) don´t run over the Browser.

What is the problem, is some filtering, or definitively Security Servers
feature is slow over FW-1?

Any help is appreciated.

Ernesto Franco
Sys Engineer
----- Original Message -----
From: Millan, Bill <BMillan@PacificLife.com>
To: 'Chris H' <cghoerichs@yahoo.com>;
<fw-1-mailinglist@lists.us.checkpoint.com>
Sent: Jueves 30 de Septiembre de 1999 04:37 PM
Subject: RE: [FW1] --- OWA in DMZ of Firewall Enviroment ---


>
>I have this up and working - two notes -1) owa is on iis server in dmz
>with
>one way trust to interal net exchange server. Allow ssl connections only
>to
>iis/owa/cert server with root cert enabled to force 128 encrypt of
>usernames
>and passwords which would otherwise go in the clear (basic clear text
>auth).
>2) You can put a pram in the owa server settings to pass the domain name
>so
>the users do not have to put in \domainname\username just username and
>password I found this info in technet but don't remember the details
>offhand.
>
>-----Original Message-----
>From: Chris H [mailto:cghoerichs@yahoo.com]
>Sent: Thursday, September 30, 1999 12:13 PM
>To: fw-1-mailinglist@lists.us.checkpoint.com
>Subject: RE: [FW1] --- OWA in DMZ of Firewall Enviroment ---
>
>
>
>Two things you can do.  As stated by Rob you can split
>the IIS, but you still pass the username and password.
> What I have done at a couple of places is to make
>sure that the Exchange server is in it's own domain
>and uses a trust to get usernames etc (down side you
>have to put <\domainname loginID> in the name field
>for OWA and it pisses the execs off).  That isn't that
>secure in its self, but it keeps the usernames and
>passwords off of the server and in one location.  The
>other is to implement SSL on your Exchange server.
>Works great and adds encryption to your http.
>
>Chris
>
>--- Rob Shein <Rshein@LANSOLUTIONS.com> wrote:
>>
>> You've got bigger problems than just that...OWA is
>> NOT a terribly secure web
>> application.  I don't recommend that you use it,
>> firewall/DMZ problems
>> aside.  One thing you could possibly use, however,
>> would be another instance
>> of IIS; it is possible to have it act as a forwarder
>> to the real OWA behind
>> the firewall, I believe.
>>
>> > -----Original Message-----
>> > From: Arno Hechenberger [mailto:arno@citydata.at]
>> > Sent: Thursday, September 23, 1999 4:51 PM
>> > To: FW-1 Mailing List (E-Mail)
>> > Subject: [FW1] --- OWA in DMZ of Firewall
>> Enviroment ---
>> >
>> >
>> >
>> > Hi !!
>> >
>> > I saw that the OutlookWebAccess server
>> authenticates the
>> > users with the
>> > local user
>> > database !!!!
>> >
>> > The Exchange Server is in the private 192.168.x.x
>> Network and
>> > is called by
>> > the OWA Server.
>> >
>> > So I have to put all user account on the OWA
>> Server to the DMZ  :-((
>> > ...that's not very clever, but otherwise I can't
>> authenticate OWA
>> >
>> > IS THERE AN OTHER SOLUTION ????
>> >
>> > Please reply !!
>> >
>> >
>> > Arno
>> >
>> >
>> > --------------------------------------------
>> >
>> > Arno Hechenberger
>> >
>> > citydata
>> > Langgasse 114
>> > 6830 Rankweil
>> > AUSTRIA
>> >
>> > mailto:arno@citydata.at
>> >
>> > phone: +43 5522 48555 14
>> > fax:   +43 5522 48555 5
>> >
>> > http://www.citydata.at/
>> >
>> > --------------------------------------------
>> >
>> >
>> >
>> >
>> >
>> >
>>
>==============================================================
>> > ==================
>> >      To unsubscribe from this mailing list, please
>> see the
>> > instructions at
>> >
>> http://www.checkpoint.com/services/mailing.html
>> >
>>
>==============================================================
>> > ==================
>> >
>>
>>
>>
>========================================================================
>====
>====
>>      To unsubscribe from this mailing list, please
>> see the instructions at
>>
>> http://www.checkpoint.com/services/mailing.html
>>
>========================================================================
>====
>====
>>
>
>
>
>=====
>Chris
>__________________________________________________
>Do You Yahoo!?
>Bid and sell for free at http://auctions.yahoo.com
>
>
>========================================================================
>====
>====
>     To unsubscribe from this mailing list, please see the instructions
>at
>               http://www.checkpoint.com/services/mailing.html
>========================================================================
>====
>====
>
>
>========================================================================
>========
>     To unsubscribe from this mailing list, please see the instructions
>at
>               http://www.checkpoint.com/services/mailing.html
>========================================================================
>========



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Next by Date: [Fwd: RE: [FW1] SMTP security server setup and NBT]
Next by thread: [Fwd: RE: [FW1] SMTP security server setup and NBT]
Index(es):
- Date
- Thread