Christophe
Not solved yet.
Hope someone on the list would help.
regards
Gopinath
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 25, 2000 5:46 AM
To: [EMAIL PROTECTED]
Subject: RE: [FW1] reason Not allowed by rulebase resource
Hello,
I've got the same problem. How do you solve it?
regards,
Christophe.
--------------------------------------------------------------------------------
RE: [FW1] reason Not allowed by rulebase resource
Forum: Firewall-1 (Admin)
Date: Jul 12, 18:31
From: Gopinath Pulyankote <[EMAIL PROTECTED]>
Robert,
Thanks for responding. Here are my configs. Sorry for the long email
though...
Case 1. This is the First rule in my rule base.
Source: allusers@any
Destination: Internal_webservers
Service: HTTP
Action: User Auth
Network Object group Internal_webservers contains list of Internal web
servers that are defined in the Host fields of Policy->Properties
Setup->Security Servers. E.g. of one such mapping is:
Logical name: employee
Host: Intranet.my_Co.com
Port: 80
Server for Null Server ? Yes
Hence the URL for accessing this site would be
http://MyFirewall.my_co.com/employee/ Right?
User Definitions: LDAP Auth. Works fine for Telnet/FTP with User Auth & also
with SecuRemote using Client Encrypt. No issues here. Even have a couple of
FW-1 users defined. These too work for FTP/Telnet access.
So, when we try to access the URL, we get the error on the Browsers of
clients. No Pop Up for user authentication at all.
"Error FW-1 at MyFirewall.my_co.com : Access denied."
Log viewer shows the error as:
Reject by Rule 4: Reason Content Security - Access Denied. resource
http://MyFirewall.my_co.com:80/employee/
Rule 4 is Any->MyFirewall->Any->Drop (The Stealth protection)
Case 2:
I now add the FW-1 gateway also in the Network Group Internal_webservers.
This time I get a pop up for user authentication, but after 3 attempts the
browser fails with the error:
"FW-1 at MyFirewall.my_co.com: Unauthorized to access the document.
Authorization is needed for FW-1.
The authentication required by FW-1 for user is: FW-1 password.
Reason for failure of last attempt: FW-1 rule "
On the log viewer:
Reject: Rule 4 reason Not allowed by rulebase resource
http://MyFirewall.my_co.com:80/employee/
What am I missing here? In case 1, how do I get Content Security to work? Is
it a must to have this for reverse proxy to work?? In case 2, what is the
rule that I need to add ?
Thanks once again & sorry for this long email.
Gopinath
-----Original Message-----
From: Robert MacDonald [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 11, 2000 8:30 AM
To: [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [FW1] reason Not allowed by rulebase resource
Gopinath,
What does the rule look like? What rule drops/rejects
the traffic? Do you have a user defined? What is the
authentication method? Do you get rejected before or
after you press [Enter] for authentication?
You can see where I'm going with this...more info.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Gopinath Pulyankote" <[EMAIL PROTECTED]> 6/27/00 6:57:17 PM >>>
>
>Hi all,
> Am trying to set up FW-1 as a reverse proxy. Followed the steps mentioned in
>phoneboy's site. But after creating the required rules & adding the http
>servers under Policy properties setup, I get the following error in the log:
>Reject "reason Not allowed by rulebase resource
>http://firewall:80/proxied-name
>
>The web browser client prompts for authentication while attempting to access
>but always gets rejected, with the above lines in the log files.
>
>Can someone guide me through what I am missing here.
>
>Thanks in advance
>Gopinath
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================