Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tiger_QAs
Contributor

Legacy authentication portal [900 port porta] is accessible via IE browser but not on other browsers

Hello friends anyone faced similar issues ?

Gateway is on R80.40

Legacy authentication portal:
[http://firewall-vip.abc.com:900]
 is accessible on IE but no response on other browsers (Chrome, Edge)

Identity Awareness portal:
No issues with Identity Awareness portal, https://firewall-vip.abc.com

 

0 Kudos
12 Replies
_Val_
Admin
Admin

It is called "legacy" for a reason. I would strongly advise not to use any of the legacy auth features and rely on Identity Awareness instead.

0 Kudos
i_alves
Participant

_Val,

How are you?

 

How do I disable check point legacy authentication portal?

Ivan

 

0 Kudos
PhoneBoy
Admin
Admin

Do you have any Client Authentication or User Authentication rules in your rulebase?

0 Kudos
i_alves
Participant

PhoneBoy,

Thanks for the feedback.

Yes, we have.

Configured SSL portal is configured with different URL and still legacy portal is being triggered. The legacy portal IP is configured by a class C private IP.

Ivan

0 Kudos
_Val_
Admin
Admin

Get rid of legacy authentications mentioned, the portal will go away.

0 Kudos
i_alves
Participant

_Val_

Yes, I want to remove, however, I didn't find sk that shows the way to remove. Can you tell me how to remove legacy portal settings?

Thanks.

0 Kudos
PhoneBoy
Admin
Admin

You literally remove any rule with Client Authentication or User Authentication for starters.
If you want to prevent the portal from triggering entirely, comment out the relevant lines from $FWDIR/conf/fwauthd.conf
(i.e. put a # at the beginning of the line)
Indirect reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
i_alves
Participant

PhoneBoy,

 

Thank you very mouch!

Ivan

0 Kudos
_Val_
Admin
Admin

Look in your policy for Client/Session authentication rules and remove them. The portal should disappear then. 

0 Kudos
PhoneBoy
Admin
Admin

Why is Client Authentication still in use?
This mechanism has been deprecated for many versions now.

0 Kudos
Zolo
Contributor
Contributor

Why is it still enabled by default even in R81.10 without ssl?

0 Kudos
PhoneBoy
Admin
Admin

Given Client Auth is a legacy feature with a supported successor feature available (Identity Awareness with Captive Portal), there are no plans to enhance it.
If it's being activated with no Client Auth rules present, it's probably a bug and you should contact the TAC.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events