sk19197 How to allow OWA through the FireWall-1 with user authentication?
might do the trick.
Ray
From: Kevin Peuhkurinen <kevin.peuhkurinen AT HEPCOE DOT COM>
Reply-To: Mailing list for discussion of Firewall-1
<FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Clientless VPN with OWA SSL
Date: Thu, 22 Apr 2004 15:06:34 -0400
I don't think so. I'll give that a try, but am not too hopeful. Just to
give a bit more background, this is Checkpoint NG BI R55 and Exchange 2003.
What I've got is a rule that looks like:

    Users@Any -> ExchangeServer -> HTTPS -> UserAuth

I've tried it with HTTPS protocol set both as HTTP and ENC-HTTP with the
same result. When I try to make a connection from an external browser to
https://exchangeserver/exchange, it comes back with FW-1 Access Denied and
in the fw log I see:

    resource http://exchangeserver:80/exchange
    reason: Content Security - access denied

I assume that the problem is that FW-1 is trying to make a regular HTTP
connection on port 80 to the Exchange server, which will only accept HTTPS
on 443.

This seems ridiculous to me... if you don't use SSL between the firewall
and the exchange server, then all of your user names and passwords are
being transmitted in clear text!

>Did you enable the PROPFIND method in FW-1? OWA 5.5 needs it.
>
>Ray
>From: Kevin Peuhkurinen <kevin.peuhkurinen AT HEPCOE DOT COM>
>Reply-To: Mailing list for discussion of Firewall-1
><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
>To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
>Subject: [FW-1] Clientless VPN with OWA SSL
>Date: Thu, 22 Apr 2004 09:26:53 -0400
>
>Hi all. I've searched through the archives and cannot find an answer to
>this question.
>
>I've got an internal Exchange server with OWA set up for HTTPS access
>only. I cannot seem to get clientless VPN access to work with it.
>Does clientless VPN only work with non-SSL protected web servers?
>
>Thanks,
>Kevin
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================