fwguru:
> I don't know from your email if you are authenticating inbound or
> outbound HTTP. For outbound HTTP, check to see that no other rules
> will accept unauthenticated outbound HTTP. Otherwise, it will skip
> the client-auth rule, and the connection will be accepted by the less
> restrictive (non-authed) outbound HTTP rule, even if the outbound rule
> is below the client-auth rule.

that I don't really understand. I want to use outbound HTTP. Currently my rule base has one unauthenticated rule that allows a single machine (web cache) to access the Internet using HTTP. Then, later on below that rule, I have the client auth rule. This works just fine. Now if I'd place the client auth rule before the stealth (and thus before the unauthenticated HTTP) rule, the web cache will no longer be able to access the internet - unauthenticated that is.

Here is what I currently have:

1. - allow HTTP outbound, unauthenticated, source: web cache server
2. - allow HTTP outbound, client auth, source: any

Note that I have about 200 rules and that the two mentioned here are not number 1 and 2, it's just to illustrate how they are ordered.

I want to place a stealth rule on top of the rule base - where it belongs. If I get you right, I place a new rule before the stealth rule that allows HTTP, source local LAN, destination firewall. Would that be enough to allow the clients to authenticate? Is the authentication done over HTTP or does it use some other protocol? Which one?

Thanks,
Sascha
