CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We've already had our first sign-ups!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 6/9, 7/14, 8/25, 10/6, 11/3, 12/8.
3. We have new forums in Portuguese and German (see below).
4. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
5. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Authentication
Reload this Page Client Authentication problem
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2008-04-04
Wutkung Wutkung is offline
Member
  
Join Date: 2006-05-10
Posts: 32
Wutkung has an average reputation (10+)
Default Client Authentication problem
Hi,

I use Client Authentication with Partially authentication option on HTTP traffic.

I found that some client at some time can't connect to web site because pop-up for user authentication didn't show up. (This happen randomly)

I use tcpdump on CheckPoint and found that HTTP traffic is arrive on CheckPoint but CheckPoint response nothing.

Log on SmartviewTracker seems normal.

Any idea to track or solve this problem ?

PS. CheckPoint is in CheckPoint R62 on SecurePlatform in Active/Active ClusterXL environment.
Reply With Quote
  #2 (permalink)  
Old 2008-04-04
MarioL MarioL is offline
Senior Member
  
Join Date: 2007-01-18
Location: London
Posts: 306
MarioL has an average reputation (10+)
Default Re: Client Authentication problem
Never heard of anything like that. Anyway, if you using only HTTP, why not change to User Auth and give it a go?
Reply With Quote
  #3 (permalink)  
Old 2008-04-05
ngxadmin ngxadmin is offline
Junior Member
  
Join Date: 2007-03-26
Posts: 22
ngxadmin has an average reputation (10+)
Default Re: Client Authentication problem
Reference this case with Checkpoint. I had same issue.

Per my Checkpoint case:
Open guidbedit and change the value of http_max_conn_per_process to 0. Then do an apply.

The value of 500000 is the amount of connections to the security server allowed before that specific process sends a message to the fwd process to kill the security server and restart it. In certain conditions there is a known bug that prevents this message from reaching fwd so the security server exits without restarting. Our developers have found this message to be largely unnecessary and recommend disabling this by setting the value to 0.

This property was not present in older versions such as R55 or R60 but first appeared in R61. In R61, R62, and R65 the default value is 500000.
Reply With Quote
Reply

« Previous Thread | Next Thread »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 21:47.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0