Firewall Wizards mailing list archives
Logging into FW-1 with SSL?
From: "Briercheck, Scott" <brierchecks () msx upmc edu>
Date: Wed, 8 Sep 1999 17:37:05 -0400
Wizards,

I'd like to make the following configuration happen, but I've been told it's not possible: I would like to take an NT machine running IIS 4.0 and have it protected by FW-1. The rules would be extremely tight, so that basically the only thing allowed through the firewall would be HTTPS to the web server. In order to get access to the web server, you'd first have to successfully log in at the firewall (I'd use Livingston's Radius Server to let the firewall have access to the SQL database that stores the web login information). If you succeeded at the firewall login, then your HTTPS traffic would be allowed through to the web server. Otherwise, nothing from you would get through to the web server.

Here comes the tricky part: I'd like the initial authentication at the firewall to take place over SSL. The problem I'm presented with is that I can't establish an SSL connection to the firewall because I need the Web Server's certificate for the SSL session, but I can't use the certificate since there isn't a connection to the Web Server yet... This circular dependency is the difficulty.

So my question: Is there some way around this dependency loop, for example, is it possible for the firewall to serve up a certificate that would allow HTTPS to occur during the authentication at the firewall? Or is there another way around it? I'm open to any suggestions, or to a plain old "Nope, it can't be done".

Thanks,
Scott
Current thread:
- Logging into FW-1 with SSL? Briercheck, Scott (Sep 08)
- Re: Logging into FW-1 with SSL? Oscar Wahlberg (Sep 10)
- <Possible follow-ups>
- Re: Logging into FW-1 with SSL? czarcone (Sep 10)