RES: [FW1] FTP authenticated with HTTP resource

Wed, 23 Aug 2000 12:00:56 -0700 


Hm... Somewhere I remember that maybe authentication and resources cannot
live together because the action / inspection over them occur in different
levels.

Resources are used in application level and auth occurs in network level,
so...


Best wishes

Aylton

-----Mensagem original-----
De: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]Em nome de
Dominik Miklaszewski
Enviada em: Tuesday, August 22, 2000 11:27 AM
Para: [EMAIL PROTECTED]
Assunto: [FW1] FTP authenticated with HTTP resource



Hi firewallers,
(solaris 2.6 105181-21, fw-1 4.0 SP7)
For a month I've been struggling with a task
how to make ftp sessions ran from a browser
authenticated .. it all comes from the fact that
netscape doesn't support firewall-1 FTP authentication
(like WS_FTP, or coffee_cup ftp does), i was hoping I
was able to push ftp sessions through http resource ..
I created the resource and what I'm getting is the
request for the password like in a normal http session
.. but afterwards it stops, I can see in logviewer the
first part of the session goes out sucessfully but the
it gets stuck..

there are two rules that I hope are OK:

 fw-ext     internet     ftp         accept
 int-group  internet     http->res   user_auth
(int-group  internet     ftp         accept)*

res looks this way:

proxy and transparent matched,
ftp,http schemes matched
host: *:*
path: *
query: *

and I use hideNAT for all internal stuff gouing out to
the Internet, when I put the third rule (*) it
completely skips the rule 2, although the rule 3
itself works - so I'm deducting it can't be a NAT
issue ..

any points on that?
thank you
Dominik

=====
Your rifle is only a tool
it is a hard heart which kills..
             <full metal jacket>
--------------------------------
Dominik M. Miklaszewski
[EMAIL PROTECTED]

__________________________________________________
Do You Yahoo!?
Yahoo! Mail  Free email you can access from anywhere!
http://mail.yahoo.com/


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to