This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tiger_QAs
Contributor
‎2021-05-25 09:35 AM

Legacy authentication portal [900 port porta] is accessible via IE browser but not on other browsers

Hello friends anyone faced similar issues ?

Gateway is on R80.40

Legacy authentication portal:
[http://firewall-vip.abc.com:900] is accessible on IE but no response on other browsers (Chrome, Edge)

Identity Awareness portal:
No issues with Identity Awareness portal, https://firewall-vip.abc.com

 

0 Kudos
12 Replies
_Val_
Admin
Admin
‎2021-05-26 12:07 AM

It is called "legacy" for a reason. I would strongly advise not to use any of the legacy auth features and rely on Identity Awareness instead.

0 Kudos
i_alves
Participant
‎2022-06-06 12:36 PM
In response to _Val_

_Val,

How are you?

 

How do I disable check point legacy authentication portal?

Ivan

 

0 Kudos
PhoneBoy
Admin
Admin
‎2022-06-06 12:46 PM
In response to i_alves

Do you have any Client Authentication or User Authentication rules in your rulebase?

0 Kudos
i_alves
Participant
‎2022-06-06 12:51 PM
In response to PhoneBoy

PhoneBoy,

Thanks for the feedback.

Yes, we have.

Configured SSL portal is configured with different URL and still legacy portal is being triggered. The legacy portal IP is configured by a class C private IP.

Ivan

0 Kudos
_Val_
Admin
Admin
‎2022-06-06 11:36 PM
In response to i_alves

Get rid of legacy authentications mentioned, the portal will go away.

0 Kudos
i_alves
Participant
‎2022-06-07 05:54 AM
In response to _Val_

_Val_

Yes, I want to remove, however, I didn't find sk that shows the way to remove. Can you tell me how to remove legacy portal settings?

Thanks.

0 Kudos
PhoneBoy
Admin
Admin
‎2022-06-07 07:55 AM
In response to i_alves

You literally remove any rule with Client Authentication or User Authentication for starters.
If you want to prevent the portal from triggering entirely, comment out the relevant lines from $FWDIR/conf/fwauthd.conf
(i.e. put a # at the beginning of the line)
Indirect reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
i_alves
Participant
‎2022-06-07 08:44 AM
In response to PhoneBoy

PhoneBoy,

 

Thank you very mouch!

Ivan

0 Kudos
_Val_
Admin
Admin
‎2022-06-07 08:44 AM
In response to i_alves

Look in your policy for Client/Session authentication rules and remove them. The portal should disappear then. 

0 Kudos
PhoneBoy
Admin
Admin
‎2021-05-26 07:30 AM

Why is Client Authentication still in use?
This mechanism has been deprecated for many versions now.

0 Kudos
Zolo
Collaborator
Collaborator
‎2022-03-08 02:27 AM
In response to PhoneBoy

Why is it still enabled by default even in R81.10 without ssl?

0 Kudos
PhoneBoy
Admin
Admin
‎2022-03-08 06:16 AM
In response to Zolo

Given Client Auth is a legacy feature with a supported successor feature available (Identity Awareness with Captive Portal), there are no plans to enhance it.
If it's being activated with no Client Auth rules present, it's probably a bug and you should contact the TAC.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events