Why don't you use partially automatic client authentication and eliminate the need for the first rule?
Joseph Doerrer, CISSP, CISA
Information Security Practice Manager
CIBER, Inc.
252 Fernwood Avenue
Edison, NJ 08837
ph: (732) 225-1700 Ext. 522
email: [EMAIL PROTECTED]

-----Original Message-----
From: Ajay Mal [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 5:53 AM
To: [EMAIL PROTECTED]
Subject: [FW-1] Theoretically applicable Rule mismatches the actual traffic

Hi!

On a FW (Checkpoint - SUN) IP address, the following rule is made:

Source             Dest            Service    Action
192.9.200.0        100.100.100.0   port 259
[EMAIL PROTECTED]  140.100.1.2     http       Client Auth

The user (user1) with IP 192.9.200.1 telnets into port 259 of FW (IP 100.100.100.1) and gets authenticated. Now this user tries to http to destination 140.100.1.2, but the packet gets dropped by FW (as seen in logs). The rule which drops is the last rule in FW, which is meant to drop everything; this means that the rule mentioned above is not allowing this user to do the said transaction. Why is this happening? Is anything wrong above?

Regards
Ajay

=================================================
To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
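An added illustration, not part of the thread and not Check Point code: a small Python model of how a rulebase like Ajay's is walked for a manual Client Auth rule versus the "partially automatic" mode Joseph suggests. The semantics are the author's assumptions (manual sign-on enters the source IP into a table; partially automatic mode lets HTTP, FTP, telnet and rlogin connections authenticate inline), and the user name, password and rule order are constructed for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

FW_IP = "100.100.100.1"
INLINE_AUTH = {"http", "ftp", "telnet", "rlogin"}  # assumed: services that can authenticate inline

@dataclass
class Rule:
    src: str       # CIDR, "any", or "user:<name>" for a user-object source
    dst: str       # CIDR or "any"
    service: str   # "any" or a service name; "fw1_clntauth" stands for port 259
    action: str    # "accept", "client_auth" or "drop"

@dataclass
class Firewall:
    rules: list
    mode: str = "manual"                           # or "partially_automatic"
    users: dict = field(default_factory=dict)      # user -> password (constructed)
    signed_on: dict = field(default_factory=dict)  # src ip -> user after sign-on

    def sign_on(self, src_ip, user, password):
        """Manual client auth: user telnets to the FW on port 259 and logs in."""
        if self.users.get(user) != password:
            return False
        self.signed_on[src_ip] = user   # note: the sign-on is bound to this source IP
        return True

    def evaluate(self, src_ip, dst_ip, service, creds=None):
        """Return (rule_index, decision). creds=(user, pw) only matter inline."""
        for i, r in enumerate(self.rules):
            if not (_in(dst_ip, r.dst) and r.service in ("any", service)):
                continue
            if r.src.startswith("user:"):
                user = r.src[5:]
                ok = self.signed_on.get(src_ip) == user
                if (not ok and self.mode == "partially_automatic" and service in INLINE_AUTH
                        and creds and creds[0] == user and self.users.get(user) == creds[1]):
                    self.signed_on[src_ip] = user   # authenticated on the connection itself
                    ok = True
                if not ok:
                    continue   # unauthenticated source: rule is skipped, walk continues
            elif not _in(src_ip, r.src):
                continue
            return i, ("drop" if r.action == "drop" else "accept")
        return None, "drop"

def _in(ip, cidr):
    return cidr == "any" or ip_address(ip) in ip_network(cidr, strict=False)

RULES = [
    Rule("192.9.200.0/24", FW_IP + "/32", "fw1_clntauth", "accept"),  # rule 1: manual sign-on
    Rule("user:user1", "140.100.1.2/32", "http", "client_auth"),      # rule 2: the Client Auth rule
    Rule("any", "any", "any", "drop"),                                 # cleanup rule
]
```

In manual mode the HTTP packet only matches rule 2 when it comes from the IP that signed on; in partially automatic mode rule 1 is never consulted because the HTTP connection carries the authentication.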
