never mind. I got it to work. thanks
On 1/25/07, fwguru <[EMAIL PROTECTED]> wrote:
Fellow Gurus - Has anybody ever implemented a Websense UFP rule with Client Auth? I am wondering if the following setup will work: Group_of_Nets | ANY | http-Websense_UFP | Reject | Log | Note: Websense Block rule with URI Resource Group_of_Users | ANY | http | Client Auth | Log | Note: HTTP Allow rule with Client Auth Note: Websense is pulling its users from AD. The Client Auth is authenticating against a Radius server. By itself, the Client Auth rule works and has been working. The Websense is a new turnup. Without the Client Auth rule, Websense UFP works as expected. With the Client Auth rule enabled as above, all http traffic is rejected by the fw daemon on cleanup rule. In theory, this should work, or I may be missing something here. Background: NG FP3 on Solaris Websense on W2K3 Managed by P-1 R55. Customer's local firewall sits between the Websense box and the CMA. We had to NAT the Websense box only to pull the dictionary from the CMA. The OPSEC object was then changed to point back to the un-Natted Websense object. I appreciate your time, Neil Delacruz
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
