Hello I'am using FW-1 NG FP3 with the latest hotfixes. I have a problem with http through proxy on 443 port. I made changes in fwauthd.conf (added line "443 fwssd in.ahttpd wait 0") and bounce firewall. Next I changed a servis hhtps -> advanced -> Protocol type: HTTP, and resource: with proxy and tunneling enable and in field match there is "*:443".
So I made a rule like this: users@netslocal -> any -> hhtps->https_resource -> Client Auth -> log -> any_time There is no problem with https via proxy but https doesn't want to work. I tried to move this rules as the first in policy editor. Then I tried to change authentication on User Auth and still the same. In Knowledge base on CheckPoint site I found description what to do to make https through proxy. I used GUIDBedit to change lines: http_connection_method_proxy true - default is false http_connection_method_transparent true http_connection_method_tunneling true - default is false In Global properties -> firewall properties This operation also didn't do anything positive. Can You help me what to do to make it work? Thanks a lot for any help Pawel Serwatko Firewall administrator mailto:[EMAIL PROTECTED] -----Original Message----- From: Mauricio Munoz [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 30, 2003 12:11 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] user authentication with HTTPS Hello, When you use user auth, you are arising security servers, so, if you want to use user auth with https, you have to add a line within fwauthd.conf. To add that line, copy the line for port 80, and change the port number to 443 (ssl). Before changing the file, make a backup, and after the changes were made, bounce the firewall service. ==================================== Mauricio F. Muñoz Quevedo Security Consultant ============================================== |---------+----------------------------------------------> | | "Gil, Ruben" <[EMAIL PROTECTED]> | | | Sent by: Mailing list for | | | discussion of Firewall-1 | | | <[EMAIL PROTECTED]| | | kpoint.com> | | | | | | | | | 29/01/2003 02:47 p.m. | | | Please respond to Mailing list for | | | discussion of Firewall-1 | | | | |---------+----------------------------------------------> >----------------------------------------------------------------------------------------------| | | | To: [EMAIL PROTECTED] | | cc: | | Subject: [FW-1] user authentication with HTTPS | >----------------------------------------------------------------------------------------------| Hello, I´d like to know how to configure user authentication with HTTPS (without logical server, if it was posible). The firewall version is NG FP2. Thanks, ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
