I would definitely put all ipsec and client authentication rules above the stealth rule.
Simon Desmeules
AVANCE Services Réseaux
440 Boul. René Lévesque ouest, 15ème étage
Montréal, (Qué) H2Z 1V7
[EMAIL PROTECTED]
T:514 866-0271 #140 | F:514 866-7631 | C: 514 712-3309

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Neil Kemp
Sent: Monday, April 18, 2005 10:08 AM
To: [email protected]
Subject: Re: [FW-1] Does a stealth rule disable Client Authentication?

I would make sure that the authentication rules are above the stealth rule. That way it hits the authentication rule before being dropped by the stealth rule.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Sascha Picchiantano
Sent: 18 April 2005 12:59
To: [email protected]
Subject: [FW-1] Does a stealth rule disable Client Authentication?

Hi,

We are running NG and use SecurID to authenticate users. This works well. However, I implemented a stealth rule (deny traffic to firewall) and since then users can't authenticate anymore. I was under the impression that authentication stuff is handled by implied rules, but it looks as if not. Any idea? What do I have to open up so users can authenticate?

Oh btw: When users access the Internet with a browser, their browser title bar shows [ip_address_of_firewall]\fwauthredirect_[long_number_probably_cookie] and hangs there. This might be related...? Any suggestions please? :)

Cheers
Sascha

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
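An added example, not part of the thread and not Check Point code: a simplified first-match rulebase model showing why the ordering advice in the replies works, with a check that flags authentication rules hidden beneath an earlier drop rule. The rule names, the `fw` placeholder for the gateway, and the use of ports 259 and 900 for client authentication are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    dst: str        # "fw" = the gateway itself (placeholder), or ANY
    port: object    # int, or ANY
    action: str     # "accept", "client_auth" or "drop"

def covers(a, b):
    """True when field value a matches everything field value b matches."""
    return a == ANY or a == b

def first_match(rules, dst, port):
    """Top-down, first-match evaluation; unmatched traffic hits a cleanup drop."""
    for r in rules:
        if covers(r.dst, dst) and covers(r.port, port):
            return r
    return Rule("cleanup", ANY, ANY, "drop")

def shadowed(rules):
    """Return (hidden, hiding) pairs: a non-drop rule fully covered by an earlier drop."""
    out = []
    for i, later in enumerate(rules):
        if later.action == "drop":
            continue
        for earlier in rules[:i]:
            if (earlier.action == "drop" and covers(earlier.dst, later.dst)
                    and covers(earlier.port, later.port)):
                out.append((later.name, earlier.name))
                break
    return out

# Constructed rulebases. Ports 259 and 900 are assumed client-auth ports.
STEALTH = Rule("stealth", "fw", ANY, "drop")
AUTH = [Rule("clntauth_telnet", "fw", 259, "client_auth"),
        Rule("clntauth_http", "fw", 900, "client_auth")]
OUTBOUND = Rule("outbound_web", ANY, 80, "accept")

BROKEN = [STEALTH, *AUTH, OUTBOUND]  # stealth first: the situation in the question
FIXED = [*AUTH, STEALTH, OUTBOUND]   # auth rules above stealth: the fix in the replies

if __name__ == "__main__":
    for label, rb in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, first_match(rb, "fw", 900).name, shadowed(rb))
```

Running `shadowed()` over an exported rulebase before installing policy catches this ordering mistake; with the fixed order the stealth rule still drops every other connection to the gateway.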
