The client authentication rules as with all VPN rules should be placed above the stealth rule as its purpose is to stop rogue connections being made to the firewall
With VPN and Client auth you need to make a connection to the firewall in order to proceed JP -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Sascha Picchiantano Sent: Monday, 18 April 2005 9:59 PM To: [email protected] Subject: [FW-1] Does a stealth rule disable Client Authentication? Hi, we are running NG and use SecurID to authenticate users. This works good. However, I implemented a stealth rule (deny traffic to firewall) and since then Users can't authenticate anymore. I was under the impression that authentication stuff is handled by implied rules but it looks as if not. Any idea? What do I have to open up so users can authenticate? Oh btw: When users access the Internet with a browser their browser title bar shows [ip_address_of_firewall]\fwauthredirect_[long_number_probably_cookie] and hangs there. This might be related...? Any suggestions please? :) Cheers Sascha ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
