Ray, I'm sure Apache would support whichever authentication method you are looking at (PKI?).
Chris

-----Original Message-----
From: Ray [mailto:[EMAIL PROTECTED]
Sent: Mon Oct 24 19:04:21 2005
To: [email protected]
Subject: Re: [FW-1] R55 Clientless VPN questions

Thanks, Chris. We're trying to stick to just one authentication scheme that doesn't involve user names and passwords.

Ray

>From: "Covington, Chris" <[EMAIL PROTECTED]>
>Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
>To: [email protected]
>Subject: Re: [FW-1] R55 Clientless VPN questions
>Date: Mon, 24 Oct 2005 13:54:54 -0400
>
>How about setting up an Apache or Squid box in your DMZ to reverse proxy
>the site? Make sure some kind of authentication is required first, of
>course.
>
>Chris
>
> -----Original Message-----
>From: Ray [mailto:[EMAIL PROTECTED]
>Sent: Sat Oct 22 12:36:18 2005
>To: [email protected]
>Subject: [FW-1] R55 Clientless VPN questions
>
>We're running SecureClient with SCV activated and enforced. I have a need to
>allow a few customers access to an internal web server via SSL but from any
>IP address. I know I could use Connectra, but spending several thousand
>dollars for just a few people is a bit expensive.
>
>If I understand the R55 "Clientless VPN" capability correctly, it looks like
>it could do the trick. I understand it's not really scalable but we're
>talking about less than a dozen computers and at different times of the day
>and night. I've got plenty of CPU and memory capacity available for the
>security server that will be invoked.
>
>Clientless VPN seems to be nothing more than using an ICA-generated client
>certificate to authenticate a particular computer to the system, the same as
>is done for gaining access to the ICA web interface on port 18265. Is this
>correct?
>
>Since there is only one remote access community and because we enforce SCV
>compliance before allowing a connection with SecureClient, can I still use
>the Clientless VPN? From the meager documentation I've found, it looks like
>Clientless VPN is not really considered remote access like SecuRemote and
>SecureClient are so SCV doesn't come into play.
>
>Is Clientless VPN still supported in NGX?
>
>Would it be better to set up the firewall to accept Microsoft's L2TP
>connections? I would rather the outside companies just be able to open the
>browser, go to the SSL URL and see their login page. We also don't want to
>get into the hassle of installing any client software at all, like SNX. I
>don't need those kinds of headaches.
>
>Thanks for any help,
>
>Ray
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
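
An added example, not part of the thread: one way the reverse-proxy suggestion could look with certificate-only authentication, written for Apache httpd 2.4 with mod_ssl, mod_proxy_http and mod_headers loaded. The host name, back-end address, file paths and organisation string are placeholders, and the CA file is assumed to hold whichever CA issues the customers' client certificates.

```apache
# DMZ reverse proxy: customers authenticate with a client certificate only,
# no user names or passwords. All names and paths below are placeholders.
<VirtualHost *:443>
    ServerName portal.example.com

    SSLEngine on
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile    /etc/httpd/tls/portal.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/portal.example.com.key

    # Trust only the CA that issues the customer certificates, and refuse
    # the TLS handshake outright when no valid client certificate is sent.
    SSLCACertificateFile  /etc/httpd/tls/customer-issuing-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1

    # Honour revocation so a lost laptop can be cut off without reissuing
    # every other certificate.
    SSLCARevocationFile  /etc/httpd/tls/customer-issuing-ca.crl
    SSLCARevocationCheck chain

    # Never act as a forward (open) proxy.
    ProxyRequests Off

    <Location "/">
        # Second gate: even a certificate from the trusted CA must carry
        # the expected organisation in its subject.
        Require expr "%{SSL_CLIENT_S_DN_O} == 'Example Customer Ltd'"

        ProxyPass        "http://192.0.2.10/"
        ProxyPassReverse "http://192.0.2.10/"

        # Pass the verified identity to the back end. "set" overwrites any
        # value the client supplied, so the header cannot be spoofed.
        RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN}s"
    </Location>

    # Log the certificate subject with each request for later review.
    LogFormat "%h %t \"%r\" %>s \"%{SSL_CLIENT_S_DN}x\"" clientcert
    CustomLog logs/portal_access.log clientcert
</VirtualHost>
```

The firewall rule for this design only needs to allow the DMZ proxy to reach the internal web server, so the server itself is never exposed to arbitrary source addresses.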
