Using FW1 as a proxy

Status
Not open for further replies.

Greeny

IS-IT--Management
Jul 25, 2002
6
GB
I have a problem.

I'm currently setting up a user authentication rule on my firewall and can only get so far. The rule works fine providing the user's browser is set to access the internet directly. However, they are prompted to enter their username and passwd over and over again. Reading up on this, I have been advised to enter the internal NIC address as the proxy server address in Internet Explorer's settings. This way the firewall will cache the password. The only problem is after I enter the settings in IE, the user doesn't even get prompted for username. The browser tries to connect to the firewall's IP then displays a "Page cannot be displayed" message. Do I need to configure the firewall to allow me to do this or am I missing something very obvious?
 
Firewall-1 is not an HTTP proxy!

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Hi Chris

I know FW1 isn't a proper HTTP proxy; however, according to the paperwork you have to set it up as a proxy in your browser settings only if you want to use User Authentication. FW1 should then cache your credentials instead of inundating my internal users with login prompts.
 
Hmmm, I was wrong. [neutral]

Yes, Firewall-1 does proxy Telnet, FTP, RLOGIN and HTTP when using User Authentication.

I'll have to test this if I ever get any time. Are you using port 80 in IE proxy settings? Make sure that the address is correct as well. Also, when you try to connect and get the 'page cannot be displayed' error, check your logs to see if the firewall can see any connection attempt.

Chris.



**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
I've tried port 80 and no port at all (although I couldn't see that happening). I've tried the internal and external IP address of the firewall and switched on logging of every rule, including the implied rules in Global settings, but I'm not getting any entry. I know the policy works because when the browser is set to make a direct connection I'm prompted with the user/pass popup and the firewall logs the entry. It is a bit of a mystery as the documentation I'm using (Checkpoint NG from Syngress) doesn't specify anything out of the ordinary. I am, however, using FP2 whereas the book was written for the original NG version. From experience I know an upgrade to a new version can cause some problems, having upgraded from FP1 to FP2, but this was a fresh install. Because I've never tried this before either, I've no comparison.


Nightmare!
 