Sergio, this is the default behavior of User Authentication and will require an
authentication for every connection. For example, if you go to msn.com, it will
prompt you for about 15 authentications because the authentication realm is
different ( check out the auth header window ).
Deployment of user authentication isn't normally used for INTERNET usage
because of this annoyance it causes users, client authentication is more
reasonable however be aware of how it authenticates.
User auth is very secure and often used for specific web servers requiring few
connections.
Regards,
Simon.
- - - -
Check out the Syngress NGX book!
http://www.syngress.com/catalog/?pid=3340
- - - -
GoSecure Inc.
407 McGill # 900
Montréal, QC H2Y 2G2
tél.: 514.287.7427 x229
fax.: 514.287.9734
Urgence 24 heures 1-888-287-5858
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT
AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Sergio Alvarez
Sent: Tuesday, January 30, 2007 4:05 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] User Authentication issue
Hello,
I just helped a customer to configure User Authentication for HTTP for a
small group of users that reside on a DMZ. We created the users (with CP
password authentication), the group of users and the rule on which that
group, restricted to the DMZ network, is the source, the destination is any,
the service is HTTP and the action has User Authentication, on which we
selected the option "HTTP: All servers" in opposition of the default
"predefined servers".
When the users try to browse a web page, they get the authentication
challenge and they get authenticated ok, but then every time they click on a
new link, the challenge window comes up again and they have to authenticate
one more time in order to continue. Seems like even when it is User
Authentication, is behaving like Session Authentication.
We checked the User Authentication Session Time out and it is on the default
setting of 15 minutes both on Global Properties and the gateway object,
which by the way is an active/standby HA pair.
Everything is NGX R61 and runs over SPLAT.
Has anyone seen this before? I don't seem to find an answer on the SK.
Thanks in advance for the help.
Regards
--
Sergio Alvarez
(506)8301342
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
