Hey all,
NG FP3
https://secureknowledge.us.checkpoint.com/SecureKnowledge/login.do;jsessionid=C3C14B732E853A9FF0EAF8D20E80CB69.instance11?OriginalAction=solution&id=sk26655
says that every time I do a Policy install, all manual client authentication
sessions get wiped out of the connection table and users have to
reauthenticate. One of the workarounds is to put FW1_clnauth_http (900/tcp) in
the rule, and check the "Keep connections open after Policy has been installed"
box.
Question is: Why doesn't it work if I just use "Any" in the rule?
FW1_clnauth_http says "Match for 'Any'" so using "Any" includes that protocol
in the rule.
And does this problem also exist in later versions? I'm trying to decide if I
need to address this long-term (use a different authentication method) or just
upgrade and be done with it.
Thanks!
-Kiat