How do I configure Encrypted Client Authentication?

1. Run cpstop on the VPN-1/FireWall-1 Module.

2. Edit the file fwauthd.conf under the $FWDIR/conf directory by changing the line:

900 fwssd in.ahclientd wait 900

to:

900 fwssd in.ahclientd wait 900 ssl:defaultCert

NOTE: "defaultCert" is a nickname on the Certificate List on the NG FP1 VPN-1/FireWall-1 Module. To check the nickname of your Module, open the VPN tab of the Module's Workstation Properties window and view the Certificate List field.

3. Save the file and close it.

4. Run cpstart.

5. Open the Policy Editor.

6. Create the following Rule:

SOURCE - User_group@Any
DESTINATION - Internal server
SERVICE - https
ACTION - Client Auth (Partially automatic mode or Manual)

NOTE: This Rule also manages HTTPS traffic between the client and the Web server. This traffic occurs after a successful authentication.

7. Install the Policy.

8. In the client's browser proceed as follows:

i. Enter the URL address: https://<FireWall-1_name_or_IP_address>:900
ii. Press Yes to trust the FireWall-1 Certificate.
iii. Enter your FireWall-1 user name
iv. Press OK.
v. Press Yes.
vi. Enter your FireWall-1 password.
vii. Press Submit.
viii. Enter the following URL address: https://<Internal_Web_Server_IP_address>
ix. Press Yes.

Now you are authenticated both to your VPN-1/FireWall-1 and to your Internal Web Server.
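The fwauthd.conf edit in step 2 is the one change that is easy to get wrong by hand (a second run appends a second ssl: suffix, or the line is mistyped and in.ahclientd no longer starts). The following shell function is an added example, not Check Point's own tooling: it makes the step 2 change against a copy of the file, refuses to run twice, keeps a backup and verifies the result. The sample file contents and the nickname defaultCert are taken from the page; the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not Check Point's code): apply the step 2 edit to fwauthd.conf
# so the in.ahclientd listener on port 900 is served over SSL with the named
# certificate nickname. Assumes the line reads exactly as shown on the page.

enable_encrypted_client_auth() {
    conf="$1"
    nick="$2"
    target='900 fwssd in.ahclientd wait 900'

    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    [ -n "$nick" ] || { echo "certificate nickname required" >&2; return 1; }

    # Refuse to run twice: a second "ssl:" suffix would leave a broken line.
    if grep -q "^${target} ssl:" "$conf"; then
        echo "already configured" >&2
        return 2
    fi

    # Exactly one plain in.ahclientd line must exist before the file is touched.
    count=$(grep -c "^${target}\$" "$conf" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 matching line, found $count" >&2; return 1; }

    cp "$conf" "$conf.bak"   # keep the original for rollback
    sed "s|^${target}\$|${target} ssl:${nick}|" "$conf.bak" > "$conf"

    # Report success only if the rewritten line is really there.
    grep -q "^${target} ssl:${nick}\$" "$conf"
}

# Constructed sample standing in for $FWDIR/conf/fwauthd.conf (only the line
# from the page plus a comment; the real file has more entries).
make_sample_conf() {
    printf '%s\n' '# constructed sample fwauthd.conf' \
        '900 fwssd in.ahclientd wait 900' > "$1"
}

# Helper for inspection: the current in.ahclientd line of a conf file.
current_ahclientd_line() {
    grep 'in.ahclientd' "$1"
}
```

Run it as enable_encrypted_client_auth "$FWDIR/conf/fwauthd.conf" defaultCert between cpstop and cpstart, substituting your Module's own certificate nickname.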


24/JULY/03
