CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Authentication
Reload this Page Authentication order
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-07-14
stephan411 stephan411 is offline
Member
  
Join Date: 2006-02-17
Posts: 69
Rep Power: 3
stephan411 has an average reputation (10+)
Default Authentication order
Hallo,

it is right, that the authentication rules where checked in the rulebase after the "normal" other rules?

Thank you for your answer.

Stephan
Reply With Quote
  #2 (permalink)  
Old 2006-07-14
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: Authentication order
All rules are matched in order in the Rule Base. One rule at a time.
May be you mean feature of User Authentication. In this case the authenticating security server first checks if the connection can be allowed by a rule that does not require authentication. If one exist, the user will be connected through the less-restrictive rule, bypassing the User Authentication rule.
Last edited by kva.kva; 2006-07-14 at 06:07.
Reply With Quote
  #3 (permalink)  
Old 2006-07-14
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: Authentication order
From help

"The Importance of Rule Order for User Authentication

When defining one or more User Authentication rule for the services Telnet, FTP, HTTP, and RLOGIN, and there are other non-authentication rules that use these services, make sure the User Authentication rule is placed last among these rules."
Reply With Quote
  #4 (permalink)  
Old 2006-07-14
stephan411 stephan411 is offline
Member
  
Join Date: 2006-02-17
Posts: 69
Rep Power: 3
stephan411 has an average reputation (10+)
Default Re: Authentication order
Thank you for your answers.

Did I have it understood right:
Only by the User authentication are the user rules are checked first and then the user authentication rule is chacked as last rule. That means, that the clientautehntication rule is checked by the order of the rule base (one rule after the other)?

Stephan
Reply With Quote
  #5 (permalink)  
Old 2006-07-14
stephan411 stephan411 is offline
Member
  
Join Date: 2006-02-17
Posts: 69
Rep Power: 3
stephan411 has an average reputation (10+)
Default Re: Authentication order
That means also, that this rule accept any user to go to the internet without user authentication.

Source Destination Service Action
customers@any any HTTP, FTP user auth
any any any accept


Is that right?

Stephan
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 16:54.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0