The client authentication rules, as with all VPN rules, should be placed
above the stealth rule, as its purpose is to stop rogue connections being
made to the firewall.

With VPN and Client auth you need to make a connection to the firewall
in order to proceed.

JP

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Sascha
Picchiantano
Sent: Monday, 18 April 2005 9:59 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Does a stealth rule disable Client Authentication?
Hi,

We are running NG and use SecurID to authenticate users. This works
well. However, I implemented a stealth rule (deny traffic to firewall)
and since then users can't authenticate anymore. I was under the
impression that authentication stuff is handled by implied rules but it
looks as if not. Any idea? What do I have to open up so users can
authenticate?

Oh btw: When users access the Internet with a browser their browser
title bar shows
[ip_address_of_firewall]\fwauthredirect_[long_number_probably_cookie]
and hangs there. This might be related...?
Any suggestions please? :)
Cheers
Sascha
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT com
=================================================
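
The ordering problem discussed in this thread, as an added example that is not part of the original messages and does not use Check Point's own rule format: a small first-match rule-base model in Python with a check that flags client authentication rules placed below the stealth rule. The object and service names are constructed, and the model assumes a client authentication rule admits the sign-on connection to the gateway at its own position in the rule base.

```python
from dataclasses import dataclass

FIREWALL = "fw-gateway"                 # constructed name for the gateway object
SIGNON = {"auth_telnet", "auth_http"}   # constructed names for sign-on services

@dataclass(frozen=True)
class Rule:
    name: str
    dst: str
    service: str
    action: str  # accept | drop | client_auth

def matches(rule, dst, service):
    # Assumption: a client_auth rule also admits sign-on traffic to the
    # gateway itself, evaluated at that rule's position in the rule base.
    if rule.action == "client_auth" and dst == FIREWALL and service in SIGNON:
        return True
    return rule.dst in ("any", dst) and rule.service in ("any", service)

def decide(rules, dst, service):
    """First matching rule wins; return (rule name, action)."""
    for rule in rules:
        if matches(rule, dst, service):
            return rule.name, rule.action
    return "implicit-cleanup", "drop"

def is_stealth(rule):
    return rule.dst == FIREWALL and rule.service == "any" and rule.action == "drop"

def auth_rules_below_stealth(rules):
    """Names of client_auth rules that sit after the stealth rule."""
    idx = next((i for i, r in enumerate(rules) if is_stealth(r)), None)
    if idx is None:
        return []
    return [r.name for r in rules[idx + 1:] if r.action == "client_auth"]

STEALTH = Rule("stealth", FIREWALL, "any", "drop")
AUTH = Rule("client-auth-web", "web-servers", "http", "client_auth")
CLEANUP = Rule("cleanup", "any", "any", "drop")

BROKEN = [STEALTH, AUTH, CLEANUP]   # order described in the question
FIXED = [AUTH, STEALTH, CLEANUP]    # order recommended in the reply

if __name__ == "__main__":
    for label, rb in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, decide(rb, FIREWALL, "auth_http"), auth_rules_below_stealth(rb))
```

In the fixed order the stealth rule still drops every other connection to the gateway; only the sign-on services are admitted ahead of it.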