Authentication with https does not work. Juan On Fri, 2006-08-11 at 19:18 -0700, no-need to-list wrote: > It is possible that HTTPS initial connection want the digital certificate so > he both the client and the server agree on the encryption method and keys. > Checkpoint can intercept the HTTP traffic but cannot handle the HTTPS > traffic since it is encrypted or will be encrypted. > Just a speculation....have you opened a case? > > > Alan Baker <[EMAIL PROTECTED]> wrote: > Thanks to the replies I have had - which all seem to imply that what I > want to do is not supported by Checkpoint. > > Is that really the case? > > To be clearer, I'm trying to set up a MS Outlook Web Access front end in > the DMZ, talking to the MS exchange server internally. If I leave the > OWA with a rule allowing HTTPS access from anywhere it all works. All > I'm trying to do is add some user authentication to the front end, not > just rely on the MS Outlook password. > > Can anybody suggest what I should be trying? > > Many thanks > > Alan > > > -----Original Message----- > > From: Mailing list for discussion of Firewall-1 > > [mailto:[EMAIL PROTECTED] On Behalf > > Of Alan Baker > > Sent: 08 August 2006 09:21 > > To: [email protected] > > Subject: [FW-1] Help with HTTPS User Authentication > > > > I'm trying to set up an application in my DMZ. This needs > > HTTPS access, and I want to authenticate using "User Authentication". > > > > But I can't get any rule or combination to work. If I use HTTP, the > > FW-1 Username/Password pop-up appears and then I get through > > to the host, but nothing happens when HTTPS is used. Nothing > > shows in the logs as an HTTPS hit at all. > > > > I have created a user, and placed them in a authenticated > > user group. I have created the hosts object. The rule is > > something like: > > > > [EMAIL PROTECTED] host "Any Traffic" http/https "User Auth" "log" etc > > > > As I say, HTTP works, but HTTPS doesn't. If I replace the "User Auth" > > action with "Accept" I get through to the object with both > > protocols. > > > > I'm using Check Point VPN-1(TM) NG with Application > > Intelligence (R55) HFA_04. > > > > Any idea as to where I am going wrong? > > > > Alan > > > > _______________________________________________________________________ > > The information in this email is confidential. It is intended > solely for the addressee. Access to this email by anyone else > is unauthorised. If you are not the intended recipient, any > disclosure, copying, or distribution is prohibited and may be > unlawful. If you have received this email in error please delete > it immediately and contact [EMAIL PROTECTED] > _________________________________________________________________ > > This e-mail has been scanned for all viruses by Star Internet. > The service is powered by MessageLabs. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > > > --------------------------------- > Do you Yahoo!? > Get on board. You're invited to try the new Yahoo! Mail Beta. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= -- Juan Concepcion Support Engineer Crossbeam Systems [EMAIL PROTECTED] PH: (978) 318-7551
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
