Rob,
Look at this link:
http://www.surfcontrol.com/products/superscout_for_business/super_scout/index.html
This package works together with MS Proxy and/or Checkpoint FW 1.
Great package with lots of features.
Greets
/B
> -----Original Message-----
> From: Rob Scott [SMTP:[EMAIL PROTECTED]]
> Sent: Monday 6 November 2000 21:07
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Selective blocking from inside nets to Internet?
>
> Greetings,
>
> I would like to ask for the expertise of this list regarding a matter of
> selective blocking of traffic from inside a company to the
> Internet. Specific tools that we have or will soon have in place are
> Checkpoint Firewall-1, Checkpoint Meta-IP for internal DNS (and user to
> machine association via LDAP database), and a new tool called the
> R-2000/XStop site blocking appliance from Logon Data.
>
> Our highest level officers have decided on a stated policy course that is
> at odds with what many of the departments think is effective business
> practice (I tend to agree simply from a network management business
> case). I work at a company that has a large number of field offices
> staffed by customer service agents and other hourly-paid service personnel
> with very specific job tasks that require localized application access, and
> we have four large call centers that also require specific application
> access. Our CEO has declared that we will provide Internet access for
> everyone, but this makes life very difficult at the call centers and
> customer service counters where the managers want the employees to be doing
> their work rather than surfing the net.
>
> Selective firewall blocking based on subnets will not work,
> unfortunately. The remote sites have too many exceptions (this manager
> needs full access, that supervisor, etc...) and the rule housekeeping would
> be a huge problem.
>
> Using the Meta-IP product we will soon be able to associate a user with a
> given (DHCP addressed) workstation for the duration of their login session
> and store the resulting data in an LDAP database. Supposedly Checkpoint
> have integrated the ability of FW-1 to query this LDAP database to allow us
> selective permissions through the firewall based on user names and/or NT
> permission groups. Unfortunately, our firewall VAR has no experience with
> doing this sort of thing, and in fact it seems that few in business today
> are doing such selective blocking of Internet access (with most it seems to
> be an all or nothing proposition).
>
> Would anyone in this audience care to propose or discuss any models of
> selective blocking other than that provided by Checkpoint? Has anyone
> specifically validated the Checkpoint model of selective blocking in
> practice, and if so what were the hard spots if any?
>
> I'm open to all ideas and I hope that this question initiates a discussion
> thread on this list. I've inherited this selective blocking mess and your
> contributions to my knowledge base are very much appreciated.
>
>
> Cheers.
> Rob
>
> Take chances, Get messy, Make mistakes. (Miss Frizzle)
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Scott, mailto:[EMAIL PROTECTED]
> Langley, Washington on Whidbey Island (a suburb with a moat)
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]