Hi all,
I'm interested in allowing authenticated access to internal web server to
external users. I have FW-1 4.1 with only 2 NICs (no DMZ).
What's the best way between:
1) Static NAT for every internal web server
2) Security Server?
I think HTTP Security Server is better but can I use it with unofficial
internal networks? Until now, I wasn't able to create an HTTP Security
Server. Is the following step-by-step procedure right?
I defined a Security Server in Properties:
Logical name: freedom
Host: <internal IP address>
Port: 80
Reauthentication: none
Server for Null Request: checked
and I inserted two rules:
1) Any - FW - Not http - Drop - Long
2) All_Users@Any - Any - http - User Auth - Long
Group All_Users contains user xxxx (authenticated by FW-1).
I'm able to successfully login to URL:
http://firewall/freedom/
(where 'firewall' is the external interface of the firewall)
but I get the following:
Error
FW-1 at fw: Failed to connect to the WWW server.
Access to host 'freedom:80' from firewall console is working.
Direct/inverse DNS resolution for hostname 'freedom' is working too.
Thank you for your support and suggestions
Domenico Viggiani
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
