No pop-up using Client Auth

aallsopp · #1 (**permalink**) 2006-02-22

Two Nokia IP350 gateways. One here in Saskatoon and a new install in New Brunswick. Both running IPSO 4.0 and NGX. Centrally managed from Saskatoon. Site to site VPN between two gateways is functioning properly. Client Auth works in Saskatoon.
Voyager is using https and the http port has been changed to 8080.
Manual client auth using http://gateway-address:900 works and RADIUS works. Tracker shows all activity as allowed.
When you just enter an outside URL you just get a page cannot be found error. Tracker shows http going to gateway address but that's all. Disabling client auth gives access to the internet.

Any ideas to try out? the ones in Checkpoints Solution ID: #sk12072 did not work.

Lackie · #2 (**permalink**) 2006-02-23

Do you have DNS set up on the enforcement point?

aallsopp · #3 (**permalink**) 2006-02-24

Yes, DNS is set up.
Primary DNS is the internal DNS server.
Secondary DNS is corprate DNS at main site (trough VPN).
Tertiary DNS is DNS supplied by ISP providing Internet Line.
As long as semi-automatic client auth is not used, everything works.

aallsopp · #4 (**permalink**) 2006-03-13

I set up a new rule with a user defined service containing the following macro

CLNTAUTH_MUST_FOLD(##)

where ## is the client authentication rule number. It works now.

Nokia is saying that there may be some corrupt or missing files in our firewall setup, but since it is 3000 miles away, I think I will wait until a scheduled trip to try a re-install.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode