web access from behind NG firewall

Status
Not open for further replies.

mmaia

IS-IT--Management
Jun 25, 2001
4
0
0
US
I'm having problems accessing the web from behind an NG firewall. We are using hide NAT for all the hosts behind the firewalls, with the following rule: corp_net any any accept log. Most times we are able to properly open web pages; however, at times with different hosts/connecting to different web sites the web page being opened will time out and thus not display, irritating the user. However, pressing the refresh button will open the page up immediately after the problem is reported/seen. The firewall box is running Windows 2000 Server w/SP2 and NG FP1. Any ideas would be greatly appreciated.
 
Try this if you think the web site you are having a problem with has a virtual IP address.
Got this from :
HTTP Requests
Redirection According to Host Header
As in all types of transparent authentication, when the user attempts to connect to a
certain host, the connection is redirected through VPN-1/FireWall-1. Once the user is
authenticated, VPN-1/FireWall-1 completes the connection to the requested
destination. By default, this is done using the destination’s IP address. However, for
HTTP requests authenticated by Fully or Partially Automatic Client Authentication, it
is possible to configure VPN-1/FireWall-1 so that the connection is completed
according to the destination specified in the HTTP host header. This handles the case
where several HTTP hosts share the same virtual IP address.

To enable redirection according to the HTTP host header, follow these steps:
1 On the Management Server, issue the fwstop command.
2 In the file $FWDIR/conf/objects.C, under the line that includes the token
:props (
add the following line: : http_use_host_h_as_dst (true)
3 On the Management Server, issue the fwstart command.

Note: The objects.C file should not be edited directly. Instead, use dbedit (see
Chapter 1, Command Line Interface of Check Point Reference Guide) to edit the
objects_5_0.C file on the Management Server.
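
A read-only check for the setting described in the post above, as an added example that is not part of the original thread or of the quoted documentation: it parses the text of a copy of the objects file and reports whether http_use_host_h_as_dst is true directly under :props. The nested ":name (value)" layout of the sample, the function names get_prop and host_header_redirect_enabled, and the placeholder some_other_setting are assumptions made for illustration.

```python
import re

# Tokens of the nested ":name (value)" layout: parens, quoted strings,
# ":name" keys (a space after the colon is tolerated), and bare words.
TOKEN = re.compile(r'\(|\)|"[^"]*"|:[ \t]*[^\s()":]*|[^\s()":]+')

def get_prop(text, section, name):
    """Return the value of :name directly inside :section, or None."""
    tokens = TOKEN.findall(text)
    stack = []  # names of the currently open parenthesised blocks
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith(":") and i + 1 < len(tokens) and tokens[i + 1] == "(":
            key = tok[1:].strip()
            if key == name and stack and stack[-1] == section:
                # Scalar value: collect tokens up to the next paren.
                vals, j = [], i + 2
                while j < len(tokens) and tokens[j] not in ("(", ")"):
                    vals.append(tokens[j].strip('"'))
                    j += 1
                return " ".join(vals)
            stack.append(key)
            i += 2
            continue
        if tok == "(":
            stack.append(None)      # anonymous block
        elif tok == ")" and stack:
            stack.pop()
        i += 1
    return None

def host_header_redirect_enabled(text):
    """True only if the property is set to true under :props."""
    return get_prop(text, "props", "http_use_host_h_as_dst") == "true"

# Constructed sample, not taken from a real management server.
SAMPLE = """(
\t:props (
\t\t:some_other_setting (false)
\t\t: http_use_host_h_as_dst (true)
\t)
)"""

if __name__ == "__main__":
    print("host-header redirection enabled:", host_header_redirect_enabled(SAMPLE))
```

Run it against a copy of the file rather than the live one, so the check never touches the Management Server's working configuration.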
 