Hi Ivan,

First of all, make sure these client authentication rules don't change their 
position in the rulebase. If the client auth rule changes position (rule 
number), the users have to reauthenticate after the policy upload. In our case, 
we create those rules directly after the cleanup rule, as the rules above the 
cleanup rule are very static.

Then, on the management server (or specific CMA in P-1) modify the table.def 
file in $FWDIR/lib/ like this:

client_auth = dynamic sync expires AUTH_TIMEOUT kbuf 3  \
                          expcall KFUNC_CLIENT_AUTH_EXPIRE;

to 

client_auth = dynamic sync expires AUTH_TIMEOUT kbuf 3  \
                          expcall KFUNC_CLIENT_AUTH_EXPIRE keep;


and after policy install, it should work as it is supposed to.

Hope this helps,
Roger
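
The table.def change described in the message above, as an added example that is not part of the original e-mail or of Check Point's tooling: a shell script that backs up the file and appends keep to the client_auth definition only when it is missing. The function names and the .bak backup name are assumptions, and the definition is assumed to be laid out as in the snippet quoted in the message.

```shell
#!/bin/sh
# Added example: append "keep" to the client_auth table definition in table.def.
# Assumption: the definition starts at a line beginning "client_auth =" and
# ends at the first ";" that follows, as in the snippet quoted in the message.

# Print FILE with "keep" added to the client_auth definition (idempotent).
patch_client_auth() {
    awk '
        /^client_auth[ \t]*=/ { in_def = 1 }
        in_def && /;/ {
            # Only touch the terminating line, and only if keep is not there yet.
            if ($0 !~ /(^|[ \t])keep[ \t]*;/) sub(/[ \t]*;/, " keep;")
            in_def = 0
        }
        { print }
    ' "$1"
}

# Back up FILE and patch it in place.
# Returns 0 when patched or already patched, 1 on error.
apply_keep() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    grep -q '^client_auth[[:space:]]*=' "$file" \
        || { echo "client_auth definition not found in $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    patch_client_auth "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"
        echo "client_auth already has keep, nothing to do"
        return 0
    fi
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps the original owner and mode
    diff "$file.bak" "$file" || true       # show the change for review
    return 0
}

# Run only when a path is given, e.g.: sh add_keep.sh "$FWDIR/lib/table.def"
if [ -n "${1:-}" ]; then
    apply_keep "$1"
fi
```

As the message says, the change takes effect after the next policy install.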

-----Original Message-----
From: Mailing list for discussion of Firewall-1 
[mailto:[email protected]] On behalf of Ivan Kuncl
Sent: Monday, 25 January 2010 08:29
To: [email protected]
Subject: [FW-1] Client authentication and policy send

Hello,
for our users we use client authentication with a timeout of 12 hours when
they want to access the internet. Unfortunately, when we send the policy to
the firewall, all users are logged out and have to log in again. Is there
any way the client authentication can endure policy sending?

Thanks
Ivan Kuncl

Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================