You would definitely want to setup a different database of users on the FW.
Most of the NT fw have better password policy. And you definitely don't
want your firwall to know anything (almost) about your internal/secure
network.
Jean
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Carric Dooley
> Sent: Tuesday, October 12, 1999 7:29 AM
> To: Vince R Grande
> Cc: [EMAIL PROTECTED]
> Subject: Re: Firewall-1 On NT
>
>
> Because if you think of your firewall as just another server that your
> usres can access at will, you might as well not bother. Network security
> is a tradeoff b/t security and useability (or convenience). It may be
> "convenient" to not have to define users to your firewall, but it is
> significantly less secure. Don't forget you have things like RADIUS and
> LDAP to backend your user database as well, which also afford you the
> commodity of not having to duplicate your effort.
>
> Carric Dooley CNE
> COM2:Interactive Media
> http://www.com2usa.com
>
> "In theory, there is no difference between theory
> and practice. But, in practice, there is. "
> - Jan L.A. van de Snepscheut
>
> On Mon, 11 Oct 1999, Vince R Grande wrote:
>
> > Does anyone know why Firewall-1 for NT recommends installing
> the software on
> > a workgroup instead of a domain(member server)? If so, won't I
> have to setup
> > separate accounts for each user? I'm planning on a DMZ with
> three NIC cards.
> >
> >
> > Thank you,
> > Vince Grande
> > [EMAIL PROTECTED]
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
