There are several ways to do this.
If you use just the client auth rule, then your users must telnet to the
firewall and authenticate (or use http://firewall:900). Many companies
see this as being "intrusive".
You can also use session authentication, but this requires an agent on every
PC (or someone sitting at a desk authenticating everyone!).
You can also use user auth for the rule. This works terribly because the user
will be forced to re-authenticate on every URL, unless you use the firewall's IP
address as the proxy server in the browser.
The method I have seen that works the best is the user/client auth hybrid
rule.
Something like this:
Allusers@any ANY WWW UserAuth
Allusers@any ANY WWW ClientAuth
You will also want to add another rule after these to allow access to other
services, as this only affects www port 80.
Here's a good FAQ on it.
If you do not plan this fully, it will drive you to near hanging yourself.
-----Original Message-----
From: Dave Hood [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 27, 2000 7:02 PM
To: [EMAIL PROTECTED]
Subject: [FW1] NT user authentication
Hi Guys,
I've read some of the list's archives about this but I'm still not 100% on
it. I am wanting to authenticate my internal network's NT users for web
access. The firewall (4.1) is a BDC in the domain. Am I correct in saying
that all I do is set the authentication rule to the OS for the www service?
So, when a user tries to connect to the web, does a box pop up asking for a
username/password, or is it all handled transparently, or do I need a
client installed on the PCs? I have also read that the user may have to go
to http://firewall:900 and then type in their username/password?
Sorry for what is probably a real basic question, but I'm new to this!
Thanks,
Dave
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================