Two quick things: 1. Did you push rules after change the properties to all servers?
2. What is the Session Timeout for User Authentication? Look under Properties -> Authentication. HTH Yim --- PAPADONIKOLAKIS KIPRIANOS <[EMAIL PROTECTED]> wrote: > Hello All, > > I am trying to make user authentication work for > accessing a web server, but > run into problems. After three continuous > authentication attemts I get the > following error: > > 401 Forbidden > User Authentication Required for dave > Authentication Method required for dave: FW-1 > password > Reason for failure: FW-1 rule > > And at the log viewer > > denied by rulebase resource > http://xxx.xxx.xxx.xxx:80/ > > On the contrary it works ok with telnet > > I have found a "remedy" in the checkpoint site > suggesting it was because the > default property for User Authentication HTTP > servers is Predefined rather > than All Servers, but this problem occurs after I > select "All Servers" as > well. > > Problem Environment: > FW-1/VPN-1 4.1 SP5 > NT WS 4.0 SP6a > Firewall Password authentication method ticked under > the Firewall network > object Authentication Tab > All Servers ticked under user authentication > properties tab > Password is correct! > > Rulebase: > 1. group@any web_server http UserAuth > Long > 2. Any Any Any > Drop Long > > The web page is a simple "Hello" so no > re-authentication requests for every > gif, jpg etc. as it would be required by the nature > of http protocol > > I tred using it with RSA Ace Server as well and can > see that the > username/passcode is accepted by the server but keep > getting authentication > requests as with the fw-1 password authentication > scheme > > It works with Client Authentication option so my > interest in this is just > for self-information. > > Thanks in advance > > Zach > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
