Hi and sorry for being a bit late with this reply.
Actually it is possible to use FW-1 ONLY to have every internal user
accessing the Internet authenticated by username/password popup. I
successfully did that with a Nokia 440 and hundreds of users. Only provision
is using the http Security Server and the readiness to hack in every user
manually <g>
I posted the complete solution on this list it must be in the archives of
last year somewhere, just look for my old address [EMAIL PROTECTED] as the
sender and you will find it. Also a similar explanation is at
www.phoneboy.com/fw1 under "Implicit Client Authentication" I believe...
Cheers
Ralf G.
-----Ursprüngliche Nachricht-----
Von: <[EMAIL PROTECTED]>
An: "'Blomfield, Adam'" <[EMAIL PROTECTED]>; "'Checkpoint Firewall-1
List'" <[EMAIL PROTECTED]>
Gesendet: Mittwoch, 3. Januar 2001 16:06
Betreff: RE: [FW1] Authentication of Web Sessions
>
> FW1 supports radius (amongst others) as a means of authentication see
> http://www.phoneboy.com/fw1/faq/0282.html
>
> Another option is a copy of ms proxy server or csm proxy server. These
> provide transparent authentiation (no need for username or password)
against
> a nt system. The difference is you point the browser to the proxy rather
> than the firewall , allow the proxy access out via 80 and 443
> NOTE: ms proxy only supports IE not any other browser using this option.
> Anothe option of transparent auth is meta-ip (from checkpoint) but
expensive
>
> -----Original Message-----
> From: Blomfield, Adam [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 3 January 2001 10:02 AM
> To: 'Checkpoint Firewall-1 List'
> Subject: [FW1] Authentication of Web Sessions
>
>
>
> I have used proxy servers before that popped up a username and password
box
> any time I tried to access an web site. Is it possible to get Firewall-1
to
> do this? Can it validate usernames and passwords against an NT userlist?
If
> so, is there a document out there that details how to do this?
>
> Thanks,
> Adam Blomfield - WAN Administrator
> Sulzer Chemtech USA
> (918) 445-6642
> [EMAIL PROTECTED]
>
>
>
>
============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
> ***************************************************
> This e-mail is not an official statement of the
> Waikato Regional Council unless otherwise stated.
> Visit our website http://www.ew.govt.nz
> ***************************************************
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
