Claudia,
Client Auth does not work with a URI resource when setting the
authentication to Agent Auto Sign On. It should work with all the other
settings. I know it works with Manual and Partially Automatic using a URI
Resource.
Neil Delacruz
On 1/25/07, Claudia Cordova <ccordova AT sefisa DOT com> wrote:
Does Client Auth work with Resources?
I before tried and I remember that is incompatible.
Client Auth doesn't work with resource, almost in earlier version that
R62.
In R62 authentication work with resource but doesn't with HTTP proto.
Claudia Cordova
Soporte Tecnico
-----Mensaje original-----
De: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] En nombre de fwguru
Enviado el: Jueves, 25 de Enero de 2007 03:01 p.m.
Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Asunto: Re: [FW-1] Websense with Client Auth
never mind. I got it to work.
thanks
On 1/25/07, fwguru <fwguru AT gmail DOT com> wrote:
>
> Fellow Gurus -
>
> Has anybody ever implemented a Websense UFP rule with Client Auth? I am
> wondering if the following setup will work:
>
> Group_of_Nets | ANY | http-Websense_UFP | Reject | Log | Note: Websense
> Block rule with URI Resource
> Group_of_Users | ANY | http | Client Auth | Log | Note: HTTP Allow rule
> with Client Auth
>
> Note: Websense is pulling its users from AD. The Client Auth is
> authenticating against a Radius server. By itself, the Client Auth rule
> works and has been working. The Websense is a new turnup. Without the
> Client Auth rule, Websense UFP works as expected. With the Client Auth
rule
> enabled as above, all http traffic is rejected by the fw daemon on
cleanup
> rule. In theory, this should work, or I may be missing something here.
>
> Background:
> NG FP3 on Solaris
> Websense on W2K3
> Managed by P-1 R55.
> Customer's local firewall sits between the Websense box and the CMA. We
> had to NAT the Websense box only to pull the dictionary from the
CMA. The
> OPSEC object was then changed to point back to the un-Natted Websense
> object.
>
> I appreciate your time,
>
> Neil Delacruz
>
>
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
