Hi Everyone,
I'm having two problems with user authentication: one with a premature
telnet timeout, and another with a telnet that does not work at all. I am
running CheckPoint FW-1, SP1 on Solaris 7 (Mgt Station) and Nokia
IP650 IPSO 3.2.1.
1) If we have a rule like this:
netwk-x --> netwk-y telnet accept long
I have no problem telnetting to a server in netwk-y.
When I change to:
usergrp@netwk-x --> netwk-y telnet user auth long
I cannot get to netwk-y. The f/w log shows the request
passes successfully through the f/w, but the request hangs
and times out. (I am a user in usergrp, fyi). The destination
server is behind netwk-y's f/w (a Cisco PIX).
2) Telnet sessions to routers outside our f/w where user authentication
is required time out after 10 minutes of inactivity. There is no timeout
specified in the router config, and we only started having this problem
when we added user authentication to the rule for this session. I checked
Policy Properties --> Authentication and User Authentication Session
Timeout is set to 15 minutes. TCP_TIMEOUT is set to 3600 seconds.
I even tried changing the User Auth Session Timeout to 30 minutes but
this had no effect. CheckPoint support does not know why the user
authentication session timeout is not working, but they suggest modifying
objects.C and adding an AU_TIMEOUT parameter. Does anyone have a
better idea, or at least know what is happening?
Any help would be appreciated. Thanks!
Chris.