Egonle,
You could try editing the $FWDIR/conf/fwauthd.conf file. You can use this
file to modify some aspects of the HTTP security server's behaviour.
Some potential example entries:
443 fwssd in.ahttpd wait 0 eb:<CertificateNickname>
80 fwssd in.ahttpd wait 0
The last field specifies what to do with HTTPS connections. The available
options are:
ec - encrypt the connections between the client and the gateway.
es - encrypt connections between the gateway and the server
eb - encrypt connections between the client and the server
ns - no SSL (no encryption)
Leaving this field empty is the same as specifying ns.
Try the eb "Encrypt Both" option. I have not attempted to do this in conjunction
with Clientless VPN and so cannot confirm if this will work.
Best of luck,
John
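
An added example, not part of the original message and not Check Point code: a small Python audit of fwauthd.conf-style lines that reports which in.ahttpd listeners leave the gateway-to-server leg unencrypted, which is the situation Egonle describes. It assumes the column layout of the two example entries above, reads "eb" as encrypting both legs, and uses constructed sample lines (port 8443 and the ec entry are not from the thread).

```python
from dataclasses import dataclass

# Option meanings as listed in the message above, as (client leg, server leg).
# Reading "eb" ("Encrypt Both") as covering both legs is this example's assumption.
SSL_MODES = {
    "ec": (True, False),   # client <-> gateway encrypted
    "es": (False, True),   # gateway <-> server encrypted
    "eb": (True, True),    # both legs encrypted
    "ns": (False, False),  # no SSL
}

@dataclass
class Listener:
    port: int
    mode: str
    cert: str
    client_leg_tls: bool
    server_leg_tls: bool

def parse_fwauthd(text):
    """Parse in.ahttpd lines laid out like the two examples in the message."""
    listeners = []
    for raw in text.splitlines():
        fields = raw.split()
        # Skip blank lines, comments and entries for other security servers.
        if len(fields) < 5 or not fields[0].isdigit() or fields[2] != "in.ahttpd":
            continue
        option = fields[5] if len(fields) > 5 else "ns"  # empty field == ns
        mode, _, cert = option.partition(":")
        if mode not in SSL_MODES:
            raise ValueError(f"port {fields[0]}: unknown SSL option {mode!r}")
        client_tls, server_tls = SSL_MODES[mode]
        listeners.append(Listener(int(fields[0]), mode, cert, client_tls, server_tls))
    return listeners

def plaintext_backend(listeners):
    """Ports whose gateway-to-server leg is not encrypted."""
    return [l.port for l in listeners if not l.server_leg_tls]

# Constructed sample input; <CertificateNickname> is the placeholder from the message.
SAMPLE = """\
443 fwssd in.ahttpd wait 0 ec:<CertificateNickname>
80 fwssd in.ahttpd wait 0
8443 fwssd in.ahttpd wait 0 eb:<CertificateNickname>
"""

if __name__ == "__main__":
    for l in parse_fwauthd(SAMPLE):
        print(l.port, l.mode, "client TLS:", l.client_leg_tls, "server TLS:", l.server_leg_tls)
    print("plaintext to web server on ports:", plaintext_backend(parse_fwauthd(SAMPLE)))
```
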
-----Original Message-----
From: egonle [mailto:egonle AT NETSCAPE DOT NET]
Sent: 29 May 2003 00:11
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Clientless VPN & RADIUS
John,
I got it to work; that's really easy. However the firewall connects to the
webserver on port 80 (general http). Do you know a way to force the firewall
to use https to connect to the webserver?
Regards,
Egonle
"Walsh, John" <John.Walsh AT NEWELLANDBUDGE DOT COM> wrote:
>Egonle,
>
>Clientless VPN utilises functionality of the HTTP security server. As
>far as I'm aware it can support any of the standard authentication
>methods. I've tested it with Certificates (ICA and External CA) and
>password authentication (Internal FW-1 and LDAP). I would imagine RADIUS
>would work fine as well.
>
>The relative level of security offered by each solution will depend on
>whether RADIUS is using simple passwords or some other form (two
>factor) of authentication. Certificates can offer very good security
>if implemented well (e.g. in conjunction with eTokens for secure
>private key storage).
>
>Regards,
>John
>
>
>
>-----Original Message-----
>From: egonle [mailto:egonle AT NETSCAPE DOT NET]
>Sent: 19 May 2003 13:46
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: [FW-1] Clientless VPN & RADIUS
>
>
>Hi,
>
>Anybody set up Clientless VPN and RADIUS authentication? Is that a
>reasonable setup or do I have to use certs when using Clientless VPN?
>
>
>Regards,
>Egonle
>
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
>
>********************************************************************************
> This electronic mail system is used for information purposes and is
> not intended to form any legal contract or binding agreement.
> The content is confidential and may be legally privileged. Access
> by anyone other than the addressee(s) is unauthorised and any
> disclosure, copying, distribution or any other action taken in
> reliance on it is prohibited and maybe unlawful
>
> All incoming and outgoing e-mail communications and attachments
> are scanned automatically by software designed to detect and remove
> any material containing viruses or other unauthorised content. While
> we undertake best endeavours to ensure that this content checking
> software is up to date, recipients should take steps to assure themselves
> that e-mails received are secure.
>********************************************************************************