Re: [FW-1] FW-1 Web Server

Wed, 30 Apr 2008 03:11:10 -0700 

Hi Reinhard,

Sorry about this. It was my first time that i write here.

My problem is this:

I have FW-1 NGX-R65 with an internal web server (Win2003 with IIS, DC and 
radius) and I want to external access with one login conection (no [EMAIL 
PROTECTED]).ok?

I create client auth rule (partially automatic) and I activated:

        In guidbedit I change prompt_for_destination from false to true

        "global properties\advanced 
configuration\firewall-1\authentication\client      
authentication\http\hclient_enable_new_interface"

I have good results if I access by IP. (only login once by fw user with radius)

Later I found another option:

        "global properties\advanced configuration\firewall-1\web security\http 
protocol\http_use_host_h_as_dst"

When I active this option, I authenticate in the fw but web server told me to 
authenticate too.

Have you got any idea to send the user and pass like by IP???

Thanks a lot in advanced.

Iñaki Martinez

-----Mensaje original-----
De: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] En 
nombre de Reinhard Stich
Enviado el: miércoles, 30 de abril de 2008 9:12
Para: [email protected]
Asunto: Re: [FW-1] FW-1 Web Server

hi,

this is an international list and the common language here is english.

thanks
reinhard

At 08:57 30.04.2008, you wrote:
>Hola Natxo,
>
>He visto por la mailinglist de Amadeus que andas
>metido en CP y quería hacerte una consulta.
>
>Tengo montado un FW-1 NGX-R65 con un servidor
>Win2003 server con iis, controlador de dominio y radius.
>Lo que quiero conseguir es que cuando te
>conectas desde el exterior ala ip exterior del
>FW por navegador, a la hora de logearte solo
>tengas que poner un usuario y una pass. (donde
>el usuario del FW es radius de Windows).
>
>Haciendo NAT (static) en el servidor web(creando
>un host) con la ip externa del FW y creando una regla:
>
>Src                                         dst
>                        serv       action
>[EMAIL PROTECTED]      svr_web              http
>       client auth(partially automatic)
>
>activo en global properties\advanced
>configuration\firewall-1\authentication\client
>authentication\http\hclient_enable_new_interface
>
>Con esta opción y accediendo por IP me pasa el
>usuario al srv_web correctamente, pero si:
>
>activo en global properties\advanced
>configuration\firewall-1\web security\http protocol\http_use_host_h_as_dst
>
>Que es para que resuelva por nombre.... No me pasa el usuario y contraseña.
>Alguna idea???
>
>Muchas gracias por adelantado
>
>Iñaki Martinez
>
>
>
>Scanned by Check Point Total Security Gateway.
>
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================

--
Reinhard Stich          [EMAIL PROTECTED]
Internet Security AG,      1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to