RE: [FW1] NT user authentication
There are several ways to do this.

If you use just the client auth rule, then your users must telnet to the firewall and authenticate (or use http://firewall:900). Many companies see this as being "intrusive".

You can also use session authentication, but this requires an agent on every PC (or someone sitting at a desk authenticating everyone!).

You can also use user auth for the rule. This works terribly because the user will be forced to re-authenticate on every URL, unless you use the firewall's IP address as the proxy server in the browser.

The method I have seen that works the best is the user/client auth hybrid rule. Something like this:

    Allusers@any  ANY  WWW  UserAuth
    Allusers@any  ANY  WWW  ClientAuth

You will also want to add another rule after these to allow access to other services, as this only affects www port 80.

Here's a good FAQ on it. If you do not plan this fully, it will drive you to near hanging yourself.

-----Original Message-----
From: Dave Hood [mailto:[email protected]]
Sent: Wednesday, September 27, 2000 7:02 PM
To: [email protected]
Subject: [FW1] NT user authentication

Hi Guys,

I've read some of the list's archives about this but I'm still not 100% on it. I am wanting to authenticate my internal network's NT users for web access. The firewall (4.1) is a BDC in the domain. Am I correct in saying that all I do is set the authentication rule to the OS for the www service?

So, when a user tries to connect to the web, does a box pop up asking for a username/password, or is it all handled transparently, or do I need a client installed on the PCs? I have also read that the user may have to go to http://firewall:900 and then type in their username/password?

Sorry for what is probably a real basic question, but I'm new to this!
Thanks,
Dave

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================

[Attachment: Implicit Client Auth.url]