Double User Authentication?

[rubber_chicken]

Hi all,

We have a need for a remote party to connect to the http interface on a management console. This connection requires basic authentication. I have been asked to add FW1 authentication on top of this.

I've created the rules (access and NAT) and all works well when not using FW1 authentication. After I add user authentication I get errors. I get accepts in the FW1 logs saying FW1 authent has succeeded, but the browser returns:

Error: Unauthorized
FW-1 at #name# - Your request was not authorised by the WWW server

When I authenticate I am only using the FW1 credentials.
Something in the back of my brain thinks that FW1 is proxying the connection and I need to provide both the FW1 credentials and then the web authentication at the same time - but I'm not sure if I'm right or what the syntax is if I am right.

Does anyone have any ideas? Your help would be appreciated.

Cheers

[rubber_chicken]

OK, might have sorted it - at least got it working - v. horrible though.

http://www.checkpoint.com/support/te...g/authent.html

Multiple Users and Passwords

The user can specify different user names (and passwords) for the HTTP server and FireWall-1, as follows:

server_username@FireWall-1_username


In the same way, the user can enter two passwords, as follows:

server_password@FireWall-1_password

Would be nice to have the FW1 authentication dialogue box and then once accepted have the device authent dialogue box. Maybe there is still a way of getting this so the experience to the end user is a little more dignified? Oh well - it is working for now. Cheers all.