NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Session Authentication Agent and Setup.ini / Wanted: Better Authe ntication



Hello,

I'm testing Check Point's Session Authentication Agent and would like more
information on configuring Setup.ini. 

Quote from Check Point's docs:

"The SETUP.INI file in the DESKTOP PRODUCTS\SESSIONAGENT directory enables
you to
pre-configure the Session Authentication agent. This feature is useful if
you plan to
distribute the Session Authentication agent to many users and you do not
want them
to configure the agent themselves." -- SecAdmin.pdf pg. 521/549

The problem is that the documentation mentions the setup.ini, but does not
document any of the options. The documentation picks up on a new subject
after giving an example of the setup.ini file.

Example Setup.ini Configuration:

[FireWall]
IPAddress=
Any=FALSE
[Cache]
Method=Every time
Timeout=30

My setup.ini file includes the following entries so far:

[FireWall]
IPAddress=w.x.y.z
Any=FALSE

[Cache]
Method=Once
Timeout=30

[SSL]
AcceptClear=FALSE

[Startup]
AppName=Session Authentication Agent
FreeDiskSpace=2479
EnableLangDlg=Y

As you can see, I have discovered an option for the Method= line by trial
and error. I would like to know how to disable the resolve addresses option.


Shortly after I started working with Check Point Firewall-1, I started to
wonder how such a highly rated product could have such poor client computer
authentication options. User Auth, Client Auth, Session Auth? MetaIP? Is it
just me or should the industry be able to come up with something a little
more functional? After using Microsoft Proxy Server v2, it seems like
Microsoft's authentication is functional, but perhaps not secure. Session
Auth and MetaIP may be more secure than Microsoft's authentication, but they
are not as functional. I challenge the industry to come up with a technology
that offers the best of both worlds. 

Actually, MetaIP looks like it could be offer all of the features I am
looking for. How well does MetaIP work in a Windows 2000 Active Directory
environment? What does the future of MetaIP look like?

Kevin Palmer 
Network Engineer - MCSE+I, CCSE
Granite Solutions, Inc. 
P:P:F:http://www.gsite.com



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.