Firewall-1

Re: [FW-1] Does a stealth rule disable Client Authentication?

Subject: Re: [FW-1] Does a stealth rule disable Client Authentication?
From: Simon Desmeules <sdesmeules AT AVANCE DOT INFO>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 18 Apr 2005 14:38:40 -0400

I would definitely put all IPsec and client authentication rules above the 
stealth rule.

Simon Desmeules
AVANCE Services Réseaux
440 Boul. René Lévesque ouest,
15 ème étage
Montréal, (Qué)
H2Z 1V7
sdesmeules AT avance DOT info
T:514 866-0271 #140 | F:514 866-7631 | C: 514 712-3309

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT 
AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Neil Kemp
Sent: Monday, April 18, 2005 10:08 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Does a stealth rule disable Client Authentication?

I would make sure that the authentication rules are above the stealth rule.
That way it hits the authentication rule before being dropped by the stealth
rule.



-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Sascha
Picchiantano
Sent: 18 April 2005 12:59
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Does a stealth rule disable Client Authentication?

Hi,

We are running NG and use SecurID to authenticate users. This works
well. However, I implemented a stealth rule (deny traffic to firewall)
and since then users can't authenticate anymore. I was under the
impression that authentication stuff is handled by implied rules but it
looks as if not. Any idea? What do I have to open up so users can
authenticate?

Oh btw: When users access the Internet with a browser their browser
title bar shows
[ip_address_of_firewall]\fwauthredirect_[long_number_probably_cookie]
and hangs there. This might be related...?

Any suggestions please? :)

Cheers
Sascha

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
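
The ordering advice in this thread, as an added example that is not part of the original messages: a simplified first-match model of a rule base that reports rules hidden by an earlier rule, such as a client authentication rule placed below the stealth rule. The rule names, the "firewall" object and the rule bases are constructed; TCP 900 is assumed here as the HTTP sign-on port for client authentication, and real rule matching also involves source, users and implied rules, which this model leaves out.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str      # hypothetical rule name
    dst: str       # destination object, or ANY
    port: object   # TCP port number, or ANY
    action: str    # "drop", "accept" or "client_auth"

def matches(rule, dst, port):
    """True if the rule applies to traffic for this destination and port."""
    return rule.dst in (ANY, dst) and rule.port in (ANY, port)

def first_match(rules, dst, port):
    """Return (rule number, rule) for the first rule that matches, top down."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, dst, port):
            return number, rule
    return None, None

def shadowed(rules):
    """List (hidden rule, hiding rule) pairs: a later rule never fires when an
    earlier rule with a different action matches everything it matches."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            # The earlier rule covers the later one if it matches the later
            # rule's whole destination/port scope (ANY is only covered by ANY).
            if matches(earlier, later.dst, later.port) and earlier.action != later.action:
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed rule objects for the scenario in the thread.
STEALTH = Rule("stealth", "firewall", ANY, "drop")
SIGNON = Rule("client_auth_signon", "firewall", 900, "client_auth")  # port assumed
OUTBOUND = Rule("outbound_http", ANY, 80, "accept")

BROKEN = [STEALTH, SIGNON, OUTBOUND]   # stealth rule above authentication
FIXED = [SIGNON, STEALTH, OUTBOUND]    # authentication above stealth rule

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        number, rule = first_match(rules, "firewall", 900)
        print(label, "sign-on hits rule", number, rule.name, "->", rule.action)
        print(label, "shadowed rules:", shadowed(rules))
```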

