Problem with auth policy

Status
Not open for further replies.

malekdannourah

Technical User
Sep 13, 2005
10
GB
Hi,

I have a Netscreen-5GT ADSL and have a number of policies in place that are working fine. I have a website hosted on one of my machines that does not use authentication. It's not hosted using Apache or IIS, etc., but rather its own proprietary type of webserver, so adding authentication will not be trivial.

As such, I wanted to add authentication to the policy that permits the traffic from untrust to trust. The policy without auth works fine, but as soon as I enable auth, it's as if the policy does not exist and the website is unavailable. I do not get the HTTP logon banner that I was expecting.

I'm running ScreenOS 5.4.0r6.0.

Any help/advice appreciated.
 
Hello,

What type of Auth did you configure (Auth, WebAuth, etc.)? Did you define a user in the local DB or are you trying to use RADIUS or SecurID? Let me know.

Rgds,

John
 
Hi,

Just auth (don't have an extra public IP for webauth), using local DB. I have created a single user account on the device, and have tried explicitly permitting that user in the policy, and also setting the policy to all users. On the user properties, the user is set as an Authentication User.

Cheers.
 
Hello,

If you are looking for a Login Page, I think you need to use WebAuth.

Rgds,

John
 
Thanks, although not according to the manual.

Auth is for run-time authentication (i.e., the netscreen intercepts the SYN, buffers it and challenges the user with a banner. If successful, the buffered packet is released, and further traffic is permitted).

WebAuth is for pre-policy validation (i.e., the netscreen redirects the session to the webauth IP, authenticates the user, then permits the traffic based on the policy).

I'm not a netscreen expert, but that's certainly how the manual reads!
 