How did you get it to work???

Roger Herr

WhyNot? Consulting Services
24165 IH 10 West Suite 217-183
San Antonio, Texas 78257
210-860-3990
Some men see things as they are and say why?
I dream things that never were and say "Why Not?"
                                               -Robert F. Kennedy

Or the original

You see things; and you say "Why?" But I dream things that never were; and I say "Why not?"
George Bernard Shaw
(1856-1950)
----- Original Message -----
From: "fwguru" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, January 25, 2007 3:00 PM
Subject: Re: [FW-1] Websense with Client Auth


Never mind.  I got it to work.

Thanks


On 1/25/07, fwguru <[EMAIL PROTECTED]> wrote:

Fellow Gurus -

Has anybody ever implemented a Websense UFP rule with Client Auth?  I am
wondering if the following setup will work:

Group_of_Nets | ANY | http-Websense_UFP | Reject | Log | Note: Websense Block rule with URI Resource
Group_of_Users | ANY | http | Client Auth | Log | Note: HTTP Allow rule with Client Auth

Note: Websense is pulling its users from AD.  The Client Auth is
authenticating against a Radius server.  By itself, the Client Auth rule
works and has been working.  The Websense is a new turnup.  Without the
Client Auth rule, Websense UFP works as expected.  With the Client Auth
rule enabled as above, all http traffic is rejected by the fw daemon on
cleanup rule.  In theory, this should work, or I may be missing something
here.

Background:
NG FP3 on Solaris
Websense on W2K3
Managed by P-1 R55.
Customer's local firewall sits between the Websense box and the CMA.  We
had to NAT the Websense box only to pull the dictionary from the CMA. The
OPSEC object was then changed to point back to the un-Natted Websense
object.

I appreciate your time,

Neil Delacruz




=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
