topic Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow in Firewall and Security Management

Legacy authentication portal [900 port porta] is accessible via IE browser but not on other browsers

Tiger_QAs — Tue, 25 May 2021 16:35:02 GMT

Hello friends anyone faced similar issues ?

Gateway is on R80.40

Legacy authentication portal:
[http://firewall-vip.abc.com:900] is accessible on IE but no response on other browsers (Chrome, Edge)

Identity Awareness portal:
No issues with Identity Awareness portal, https://firewall-vip.abc.com

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

_Val_ — Wed, 26 May 2021 07:07:07 GMT

It is called "legacy" for a reason. I would strongly advise not to use any of the legacy auth features and rely on Identity Awareness instead.

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

PhoneBoy — Wed, 26 May 2021 14:30:42 GMT

Why is Client Authentication still in use?
This mechanism has been deprecated for many versions now.

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

Zolo — Tue, 08 Mar 2022 10:27:57 GMT

Why is it still enabled by default even in R81.10 without ssl?

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

PhoneBoy — Tue, 08 Mar 2022 14:16:58 GMT

Given Client Auth is a legacy feature with a supported successor feature available (Identity Awareness with Captive Portal), there are no plans to enhance it.
If it's being activated with no Client Auth rules present, it's probably a bug and you should contact the TAC.

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

i_alves — Mon, 06 Jun 2022 19:36:00 GMT

_Val,

How are you?

How do I disable check point legacy authentication portal?

Ivan

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

PhoneBoy — Mon, 06 Jun 2022 19:46:32 GMT

Do you have any Client Authentication or User Authentication rules in your rulebase?

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

i_alves — Mon, 06 Jun 2022 19:51:20 GMT

PhoneBoy,

Thanks for the feedback.

Yes, we have.

Configured SSL portal is configured with different URL and still legacy portal is being triggered. The legacy portal IP is configured by a class C private IP.

Ivan

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

_Val_ — Tue, 07 Jun 2022 06:36:00 GMT

Get rid of legacy authentications mentioned, the portal will go away.

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

i_alves — Tue, 07 Jun 2022 12:54:05 GMT

_Val_

Yes, I want to remove, however, I didn't find sk that shows the way to remove. Can you tell me how to remove legacy portal settings?

Thanks.

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

PhoneBoy — Tue, 07 Jun 2022 14:55:41 GMT

You literally remove any rule with Client Authentication or User Authentication for starters.
If you want to prevent the portal from triggering entirely, comment out the relevant lines from $FWDIR/conf/fwauthd.conf
(i.e. put a # at the beginning of the line)
Indirect reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk141012

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

i_alves — Tue, 07 Jun 2022 15:44:34 GMT

PhoneBoy,

Thank you very mouch!

Ivan

Re: Legacy authentication portal [900 port porta] is accessible via IE browser but not on other brow

_Val_ — Tue, 07 Jun 2022 15:44:47 GMT

Look in your policy for Client/Session authentication rules and remove them. The portal should disappear then.