Many thanks for your reply, I tried to create your rule, but User groups are only allowed for authentication rules, so I cannot add the rule that you recommend. I have a rule like this fwusers@any -> Firewall -> http -> User Auth. Can I not use this rule?
The version is NGFP2 on Nokia 330 ---------------------------------------------------------------------------- ------------------------------------------------------- Mitchell Silver Network Manager Anite Calculus Ltd Calculus House Tel: +44 (0) 20 7435 0070 6 Hampstead Gate Fax: +44 (0) 20 7794 1199 1A Frognal Mob: +44 (0) 07967 094 953 London NW3 6AL United Kingdom Email:[EMAIL PROTECTED] ---------------------------------------------------------------------------- ------------------------------------------------------- This email is from Anite Calculus Limited. The e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> or telephone +44 (0) 20 7435 0070. Any views expressed by an individual within this e-mail, which do not constitute part of a legal contract, do not necessarily reflect the views of the company. ---------------------------------------------------------------------------- ------------------------------------------------------- -----Original Message----- From: Sadir [mailto:[EMAIL PROTECTED]] Sent: 15 October 2002 10:46 To: [EMAIL PROTECTED] Subject: Re: [FW-1] HTTP Security Servers don't work!!!! Did you try connecting to port 900 on your authentication server? Is it a 4.1 or NG or is it earlier? http://foorbar.star.net.uk:900 <http://foorbar.star.net.uk:900> thats the authentication port for HTTPS it is more complicated than that. the rule must look something like this dummy@any <mailto:dummy@any> firewall(secure server ip) http accept log logging is a great asset no need to pull your hair out ;) /// Sadir Mitchell Silver wrote: >I've been trying to configure HTTP Security Servers, on NG FP 2/ NOKIA >330 to allow HTTP and HTTP connections through to pre-defined servers, >but can't get them to work at all. > >I've followed all of the knowledge base articles, e.g. changing >prompt_for_destination to "true" and editing fwauthd.conf, but without >any success. >I've defined 2 HTTP servers in the security servers page of Global >Properties, and I've created a user authentication rule to allow >connections to the servers for HTTP and HTTPS, but the pages cannot be >reached. >There must be something simple that I've neglected to do - does anybody >have any idea what it is? > >I've been pulling my hair out over this - and would be grateful for any >hints or tips. > >________________________________________________________________________ >This e-mail has been scanned for all viruses by Star Internet. The >service is powered by MessageLabs. For more information on a proactive >anti-virus service working around the clock, around the globe, visit: > <http://www.star.net.uk> http://www.star.net.uk >________________________________________________________________________ > > > ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
