The instructions listed below are for FW1-4.0, but they work for FW1-4.1.
The downside to this suggestion is that you need to do client-side
configuration to get it to work.  I would also suggest getting the User
Authentication to work under HTTP first for testing purposes and then
switching it to HTTPS.

 
MAKE A COPY OF THE FILE FIRST!!!!!



1.  Stop the FireWall using the fwstop command.
2.  Modify the file $FWDIR/conf/fwauthd.conf.  Add the following at
the top of the file:

443 in.ahttpd wait 0

3.  The entry should be similar to others that are already listed in
the file. (Be aware on NT: When you open this file with edit.com from
the command prompt, it will only recognize 8.3 file names. You can
verify that you are in the proper file because you will see several
lines similar to the one listed above).
4.  Re-start the FireWall using the fwstart command.
5.  Start the Policy Editor and go to Manage > Services, and edit the
HTTPS service.  
6.  Re-define the 'Protocol Type' as a URI.
7.  Ensure that the authentication method used is enabled in the FireWall
object.  
8.  Place the users in a group.  

For this example, we will use 'User_Auth_Group' as the source of this
rule.

9.  Ensure that there are no existing rules that allow HTTPS, and create
a new rule as follows:

User_Auth_Group@<any>   /   Any   /   HTTPS   /   User Auth   /   Long

10.  Edit the User Auth action of this rule and define 'All Servers'.
11.  Install this policy.
12.  Modify the Client's machine that is being Authorized for HTTPS:
13.  Open the browser and edit the Proxy properties to reflect a change
for Security or HTTPS Proxy, and point it at the internal FireWall
interface, port 443.

At this point you should be able to enter an address such as
https://www.firemail.de
(or equivalent) in the browser, and a User Authentication box should
pop up.  

1.  Enter the username and password.
2.  Verify that the site loads.


-----Original Message-----
From: ns dillon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 29, 2000 11:55 PM
To: [EMAIL PROTECTED]
Subject: [FW1] https authentication



How do you enable user authentication for https
service? fw1-41

Thank You



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


