Hi, Configuring Client Authentication should be straight-forward, no need to configure anything in the browser.
Make sure you have a user configured with authentication. Add a rule with client authentication for HTTP (and HTTPS), keep all defaults and install the policy on the cluster. Open a browser and type http://<cluster IP>:900 where <cluster IP> is the internal cluster IP address. Firewall will challenge you for username, then for password and finally for a Method (keep the default: Standard Sign-on). After you pass a successful authentication you can access the web from the authenticated machine. For more information and advanced authentication options, please contact me. Reuven Harrison Tufin Technologies http://www.tufin.com > -----Original Message----- > From: Fabio Maria Teti [mailto:[EMAIL PROTECTED] > Sent: Saturday, February 21, 2004 12:37 PM > Subject: Client Authentication problem > > > Hi All, I have a problem with NGwAI R54 and Client Authentication. > > Well, I start with a simple default CP configuration with two FW-1 in > cluster > on two IP330 NOKIA and check the Client Authentication. > > 1: If I write a URL in my browser to connect to a remote site, Firewall-1 > redirect the browser to his IP address and to port 80, and every thinks > stops. > > 2: If I configure the IP address of the Cluster like "http proxy" in my > browser, the authentication starts but the firewall return an error because > the option http_proxy_mode is not set (and this event is ok, because I don't > want a proxy configuration), but if at this moment if I remove the proxy > configuration in my browser and try to connect to the remote site, every > thinks works fine. > > I studied some documentation about firewall-1 and I explain what I think > about: probably the redirection to the security server of the firewall is > right for client authentication, but in this way the original URL is losen > and the firewall is not be able to find the remote site, so Client > Authentication doesn't start. With the proxy configuration on the browser I > send to the > firewall the remote site URL , so authentication starts, but the firewall > doesn't work like a proxy, so return an error but open the proper rule to > trust the client and leave the connection free when I remove the proxy set > in > the browser and connect succesfully to the remote site. > > I am becoming crazy with my problem... can anybody help me? > > Thankyou thankyou... very very much! > > Fabio Teti ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
