what do you think happened for it to work ? On 1/25/07, fwguru <[EMAIL PROTECTED]> wrote:
never mind. I got it to work. thanks On 1/25/07, fwguru <[EMAIL PROTECTED]> wrote: > > Fellow Gurus - > > Has anybody ever implemented a Websense UFP rule with Client Auth? I am > wondering if the following setup will work: > > Group_of_Nets | ANY | http-Websense_UFP | Reject | Log | Note: Websense > Block rule with URI Resource > Group_of_Users | ANY | http | Client Auth | Log | Note: HTTP Allow rule > with Client Auth > > Note: Websense is pulling its users from AD. The Client Auth is > authenticating against a Radius server. By itself, the Client Auth rule > works and has been working. The Websense is a new turnup. Without the > Client Auth rule, Websense UFP works as expected. With the Client Auth rule > enabled as above, all http traffic is rejected by the fw daemon on cleanup > rule. In theory, this should work, or I may be missing something here. > > Background: > NG FP3 on Solaris > Websense on W2K3 > Managed by P-1 R55. > Customer's local firewall sits between the Websense box and the CMA. We > had to NAT the Websense box only to pull the dictionary from the CMA. The > OPSEC object was then changed to point back to the un-Natted Websense > object. > > I appreciate your time, > > Neil Delacruz > > > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- HBooGz:\> ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
