Create rule using the ftp/http service (you can create two rules), and place it above the Stealth rule with the Action as Client Auth.
I don't know from your email if your are authenticating inbound or outbound HTTP. For outbound HTTP, check to see that no other rules will accept unauthenticated outbound HTTP. Otherwise, it will skip the client-auth rule, and the connection will be accepted by the less restrictive (non-authed) outbound HTTP rule, even if the outbound rule is below the client-auth rule. -fwguru On 4/21/05, Sascha Picchiantano <[EMAIL PROTECTED]> wrote: > ok, let me rephrase, maybe there is an answer. Because otherwise I would > have to completely rearrange my rule base, which is something I don't > really want to do: > > What service/port do I need to open so that my users can use the > firewall's authentication feature? I am looking into client auth and > only need it for http/ftp.... > > Thanks, > Sascha > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
