Re: [FW1] SecureID and FW-1

Wed, 21 Jun 2000 07:06:58 -0700 


Kevin,

Did you by any chance copy the ACE configuration file to /var/ace (if on
a UNIX platform) on the firewall module?  Here's a couple of related
links which will probably be very helpful:

http://www.phoneboy.com/fw1/faq/0361.html ; Phoneboy's ACE config doc
http://support.checkpoint.com/kb/docs/public/firewall1/3_0b/pdf/ace.pdf

I just ran into a similar problem, and after following the precise
instructions in the Check Point document, all worked well.  Hope this
helps!

Jason

Kevin Leong wrote:
> 
> Hi there.....
> 
> Has anyone here have any experiences in implementing SecureID within a
> firewalled (Checkpoint FW-1 4.1) network? I am currently testing client
> authentication using SecureID with the firewall.  The connection runs well;
> users are prompted with username and passcode when they log in using telnet
> and http.  But they could not be authenticated and the error in ACESERVER
> says ACCESS DENIED, PASSCODE INCORRECT.  I have verified with all the
> passcodes and the username, and they are all correct.  Other than that, the
> rule used in FW-1 is Source(testusers@any) to Destination(Ace Server) Any
> Services using Client Authentication.
> 
> Another thing is, the log viewer states that the user uses an unknown
> service to nowhere (destination is blank) and is rejected by rule 0.  I have
> not reach the state of implementing any anti-spoofing yet, so the rule 0
> could not be related to that.
> 
> Do I have to allow any special ports for SecureID to run properly??  Any
> suggestions or comments regarding (or not at all) this matter pls drop me a
> line....needing it urgently!!!!
> 
> Thanks!!
> 
> Kevin
> ________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to