Why are you having problems?

Your customer, Mr. Smith, needs access to other networks and should be able to use all services.
Session authentication is not suitable. You select Client Authentication with HTTP. The standard
authentication port for client HTTP authentication (Port 900) is already in use. You want to use
Port 9001 but are having connectivity problems. Why are you having problems?

A. The Security Policy is not correct.

B. You can’t use any port other than the standard port 900 for Client Authentication via HTTP.

C. The service FW_clntauth_http configuration is incorrect.

D. The configuration file $FWDIR/conf/fwauthd.conf is incorrect.

Explanation:



zoze

D

To change the Client Authentication port number:

1. Stop Check Point services by running the cpstop command.
2. Modify the port number in the Manage > Service > Show > TCP Services window for the following services:
   - To modify the port number for Telnet sign on, change the port number of the FW1_clntauth_telnet service.
   - To modify the port number for HTTP sign on, change the port number of the FW1_clntauth_http service.
   These are special Check Point services provided as part of the Client Authentication feature.
3. Use a simple text editor to edit the $FWDIR/conf/fwauthd.conf file. Change the port number of the Client Authentication application to the same port number defined in step 2.
4. Do one of the following:
   - For Telnet Sign On, modify the first column in the in.aclientd line.
   - For HTTP Sign On, modify the first column in the in.ahclientd line.

   21 fwssd in.aftpd wait 0
   80 fwssd in.ahttpd wait 0
   513 fwssd in.arlogind wait 0
   25 fwssd in.asmtpd wait 0
   23 fwssd in.atelnetd wait 0
   259 fwssd in.aclientd wait 259
   10081 fwssd in.lhttpd wait 0
   900 fwssd in.ahclientd wait 900
   0 fwssd in.pingd respawn 0
   0 fwssd in.asessiond respawn 0
   0 fwssd in.aufpd respawn 0
   0 vpn vpnd respawn 0
   0 fwssd mdq respawn 0
   0 xrm xrmd respawn 0 -pr

   Important – Do not change anything else in these lines.
5. Ensure that there is no rule that blocks the connection to the new port.
6. Restart Check Point services by running the cpstart command.
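
A check for the fwauthd.conf edit described in the comment above, as an added example (not part of the original page and not a Check Point tool): it compares an edited copy of the file with the original and reports any change other than the first column of the sign-on daemon's line. The function names and the sample file contents are constructed for illustration.

```python
# Added example: compare an edited fwauthd.conf with the original copy.
# ORIGINAL is constructed sample data based on the listing in the comment.
ORIGINAL = """\
21 fwssd in.aftpd wait 0
80 fwssd in.ahttpd wait 0
23 fwssd in.atelnetd wait 0
259 fwssd in.aclientd wait 259
900 fwssd in.ahclientd wait 900
0 fwssd in.pingd respawn 0
"""


def parse(text):
    """Map daemon name (third column) to the fields of its line."""
    entries = {}
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        # A missing space (e.g. "in.ahclientdwait") leaves fewer than 5 columns.
        if len(fields) < 5 or not fields[0].isdigit():
            raise ValueError(f"line {number} is malformed: {line!r}")
        entries[fields[2]] = fields
    return entries


def check_edit(original, edited, daemon, new_port):
    """Return a list of problems; an empty list means only the port changed."""
    before, after = parse(original), parse(edited)
    problems = [f"{name}: line removed" for name in before if name not in after]
    for name, fields in after.items():
        old = before.get(name)
        if old is None:
            problems.append(f"{name}: unexpected new line")
            continue
        if fields[1:] != old[1:]:
            problems.append(f"{name}: columns after the first were modified")
        if name == daemon and fields[0] != str(new_port):
            problems.append(f"{name}: first column is {fields[0]}, expected {new_port}")
        elif name != daemon and fields[0] == str(new_port):
            problems.append(f"{name}: already uses port {new_port}")
        elif name != daemon and fields[0] != old[0]:
            problems.append(f"{name}: port changed from {old[0]} to {fields[0]}")
    return problems


if __name__ == "__main__":
    edited = ORIGINAL.replace("900 fwssd in.ahclientd", "9001 fwssd in.ahclientd")
    print(check_edit(ORIGINAL, edited, "in.ahclientd", 9001) or "edit is clean")
```

Run it against a backup taken before step 3 and the file as edited; a ValueError from parse points at a line whose columns have run together.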