Pardon the unsolicited comment but... the original question was:
> Does anyone know why Firewall-1 for NT recommends installing the software on
> a workgroup instead of a domain (member server)? If so, won't I have to set up
> separate accounts for each user? I'm planning on a DMZ with three NIC cards.
I have a 3 NIC bastion set up using NT. Why is it that you think you need a
"separate account" for each user? You define the "trusted" IP scheme with
appropriate rights to avoid the need for separate "accounts".
Just my 2 cents worth.
Richard Drennan
Systems Engineer
NAVEODTECHDIV
DEPARTMENT Of NAVY
-----Original Message-----
From: Jean Morissette [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 12, 1999 7:50 PM
To: Tom Tomasovic; [EMAIL PROTECTED]
Subject: RE: Firewall-1 On NT
No, it does not make sense; you are right. So just make it part of its own
workgroup and let the fw handle the users. I believe that most NT fw have
better password policies than NT does and make sure that the users'
passwords are not the same as the NT password. Creating fw users can be a
long process (you can also make it faster with templates and scripts) but I
would avoid any kind of trust. Would need too many unneeded services to run
and ports opened, IMVHO.
Jean
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Tomasovic
> Sent: Tuesday, October 12, 1999 9:14 AM
> To: [EMAIL PROTECTED]
> Subject: FW: Firewall-1 On NT
>
>
> Vince/Jim et al:
>
> OTOH, does it not make sense to make your firewall server its own domain and
> then create a one way trust to your network domain (firewall being the trusting
> domain and the network being trusted)? That way, you don't have to create all
> the users on your firewall box.
>
> You can't do that unless the box is a part of a domain. In this case, it would
> probably be the only box on the domain, ergo the PDC.
>
> Regards,
>
> Tom
> Web Developer, HealthFirst
> (212) 801-6214
> ==============================================
> The opinions contained herein are mine and mine alone. I am fortunate
> that HealthFirst allows me to express them to you, but they are not
> responsible for what I say.
> ==============================================
>
> The basic concept is that your Firewall should not be trusted to anything on
> your network. The bottom line is that if you trust your Firewall to your DMZ
> and your Firewall is compromised, so goes your DMZ.
>
> Jim Lemieux
>
> Does anyone know why Firewall-1 for NT recommends installing the software on
> a workgroup instead of a domain (member server)? If so, won't I have to set up
> separate accounts for each user? I'm planning on a DMZ with three NIC cards.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>