Ok,
First, I appreciate everyone's patience with me on this...like I said
before, we have always been inside looking out, never outside looking in.
This is the rule set I currently have defined:
Source      Dest   Service   Action       Track
<net@any>   any    http      ClientAuth   Long
I have a translation that is:
Source   Dest   Service   ==   Source   Dest       Service
Any      Net    any            orig     NetIn(s)   orig
Here is what I am experiencing:
I start a telnet:259 to the public side of the firewall and get
authenticated. Log shows me authenticated.
I launch the browser and go to the internal address (NetIn) on the web server
I am trying to get to.
I then get back from the Firewall either one of two things:
Error
Server at checkpoint:Access Denied
or
The page cannot be displayed
There is no level of consistency on the errors.
I can see in the browser where it has translated to my new
destination....but it doesn't seem to make it. One thing I thought of is
that, unfortunately, the LAN that this is on is configured with a
public/routable address...something my predecessor did; it is a Class A net.
Could it be that the browser is really trying to find a web server in the
world?
Thanks again for the help!!!
Tom
-----Original Message-----
From: Mike Glassman - Admin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 18, 2000 01:57
To: 'Pellowski, Tom'
Cc: 'fw-1 listserv'
Subject: RE: [FW1] Outside coming In
Tom,
When you try to access the internal web server after authentication, which
IP address do you try to access it with? The internal or the NAT'd address?
If with the internal, it won't ever be able to, for the simple reason that
you are not on the internal network at all.
So make sure you're trying to access the NAT'd address for that server, and
make sure the NAT'd address is a Static one and not a Hide one.
Mike
> -----Original Message-----
> From: Pellowski, Tom [SMTP:[EMAIL PROTECTED]]
> Sent: a eaie 17 2000 20:51
> To: fw-1-mailinglist@lists. us. checkpoint. com (E-mail)
> Subject: [FW1] Outside coming In
>
>
> Hi again,
>
> Under a previous question under the heading of "Ideas?" I asked about an
> outsider getting thru the FW1 to a web server (intranet). The replies I
> received were great. However, I can't seem to get this to work correctly.
>
> I set up a client auth and get authenticated ok. Log says so and telnet
> tells me that I am authenticated with 1 rule. But when I try to get to the
> web server on the inside I get the classic page cannot be found.
>
> This is killing me...what does the client need to do to access a web server
> on the inside after he is authenticated? Dumb question, I know. But I have
> never had to do this. We have always been inside looking out.
>
> This is a rough of what I have:
>
> outside(?)-->fw-auth-->internal net-->web server
>
> BTW, some mentioned the http authentication on port 900. Uh, I guess that is
> not available on v3.0b. So I have the telnet:259 to deal with.
>
> I appreciate the inputs....
>
> Tom
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======