[FW1] Session Auth and WebSense

Tue, 09 Jan 2001 04:20:02 -0800 


I have the same problem but the solution provided by George Freeman
seems not to work.
Any more suggestion?

Thank

Gabriella Attanasio 
Vem Sistemi Spa 
Via Degli Scavi 36 
47100 Forli' - Italy 
Tel: + 39 0543 725005 
Fax: + 39 0543 725277 
Mobile: + 39 (0)348 9004656 
e-mail: [EMAIL PROTECTED] 

   


-------------------------------------------------------------------------
Timothy,

Try this:

Localhosts   any   http->blockedbywebsense   Reject
Localhosts   any   http                      Session Auth

The first rule should be set to match only on undesireable sites (Adult,
Games, etc.) and will only work if users go to objectionable sites.  The
second rule should pick up a legitimate attempt (after WebSense has a chance
to scrub) and prompt for Session Auth.  Let me know if this works!

George Freeman
Senior Security Consultant
RISCmanagement, Inc.
5770 Roosevelt Blvd.
Clearwater, FL  33760
(727) 530-0444 
http://www.riscman.com


-----Original Message-----
From: timothy jones [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 27, 2000 8:21 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Session Auth and WebSense



Having issues with Session Authentication.  I am trying to get
Session Authentication and WebSense to work.  When I put
the Session Authentication Rule, after the WebSense Rule,
I get a reject log entry saying 'Session Authentication is
not allowed'.  If I put it before the WebSense rule,
things work fine, but the WebSense rule is never applied.
I tried User Auth, but most of my users use notebooks and
docking stations, and using the Firewall as a Proxy,
is not a good option, as I don't want to enter the
username/password for each different Web Site.
This Works, but bypasses WebSense:
   Localhosts   any   http                      Session Auth
   Localhosts   any   http->blockedbywebsense   Accept
   Localhosts   any   http                      Reject
This Always rejects:
   Localhosts   any   http->blockedbywebsense   Accept
   Localhosts   any   http                      Session Auth
   Localhosts   any   http                      Reject

Any suggestions or other ways to do this??
I'd really like to use Session Authentication,
and not User Authentication.  Client Authentication does the same things as 
Client Authentication, but I need the
Session Authenciation for the Windows Terminal Server Users.

TIA!




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to