Re: Watchguard and HTTP authentication

From: Dave R (me_at_privacy.net)
Date: 03/23/05 

Date: 23 Mar 2005 09:07:08 GMT

On Tue, 22 Mar 2005 20:59:02 GMT, Leythos <void@nowhere.lan> wrote:

> On Tue, 22 Mar 2005 18:08:28 +0000, Dave R wrote:
>>
>> I've recently taken delivery of a Watchguard Firebox and it looks
>> like it doesn't support basic http authentication. I'm sure it must
>> be me missing something. Anyone know how to do it?
>
> What model?

It's the X series.

> When I setup shared user accounts for authentication rules, meaning I
> allow several users to logon using the same ID/PWD, then setup rules
> accordingly. You should be able to browse to http://firewall_IP:4100
> and as long as you have a JVM installed you should get the web login
> page. You have to keep the session open in order to use the
> authentication.

Thanks.

That's what I've seen so far, and frankly it's rubbish. It doesn't
account for multi-user systems, it requires each person to have a JVM
configured in their browser, and it doesn't stop multiple programs from
accessing HTTP if they're on the same machine.

I was expecting it to do basic http authentication. That is, make a
HTTP request through the firewall, it responds with a 407 Authentication
Required, so browser prompts for username and password, which is then
basically encoded in the HTTP headers for subsequent requests. I
realise this may not be as secure as the Applet with its
challenge/response, but it's a fairly fundamental feature.