Link to home
Start Free TrialLog in
Avatar of fawking
fawking

asked on

Multiple password prompts in checkpoint

We have a checkpoint firewall running on a sun box with solaris 8.
I personaly do not manage the unit, but have been unable to get a solution to this problem.

On our client machines upon accessing the internet you need to provide your username and password.(once)
Over the last few months different users have been complaining that they are now being prompted 2 and three times for a password when using the internet. Once this happens they will always be prompted multiple times.
The clients are windows 98/me and one with win 2000. Most have IE6 or IE5.5 installed. The websites are not restricted sites, happens when opening the browser up and it goes to the start page. Once on the internet usually do not get prompted again.
Avatar of m4rc
m4rc

questions:
what version and what feature pack of fw-1 are you using?
what type of authentication are you using?
is there a checkpoint client running on the desktops?

checkpoint has three types of authentication methods,
User Authentication, Session Authentication, and Client Authentication.  (dont try to figure out what they do by the name, it doesnt quite make sense)

anyway, on the firewall when you set up to allow ppl to go through, you can set the auth type, and for some there is also a timeout involved, like maybe Suzy can use the web for 15 mins, then reauthenticate.  or Suzy can use the web until she has 15 mins of no activity.  etc.

so those users may be hitting one of those limits in the rules.  check the rules and see what the settings are.

marc
I had this problem on a network running Raptor firewall.  It's been a while, but I believe the solution was rather simple.  Making sure the browser on the client PC had the IP address of the proxy server set in the "Connections" settings in Internet Explorer.  Just something to check.
Avatar of Tim Holman
Sounds like session authentication has been setup.  This authenticates users everytime they start a new session.
Do you have access to the management station at all ?
This is a feature that someone's evidently implemented without consulting their user base !
Who's Suzy ?
:)
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts forfeited.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
ASKER CERTIFIED SOLUTION
Avatar of YensidMod
YensidMod

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial