|
Andy, I believe a Netscreen could do the job.
You can set a named address to a MIP in the firewall and then force
authentication on the outgoing side. Steve
Clark Clark Systems Support, LLC AVIEN Charter Member "Who's watching your
network?" www.clarksupport.com 301-610-9584
voice 240-465-0323
Efax The data furnished in connection with this
document is deemed by Clark Systems Support, LLC., to contain proprietary and
privileged information and shall not be disclosed or used for the benefit of
others without the prior written permission of Clark Systems Support, LLC. -----Original Message----- Hey, I'm looking for a firewall, which
can give me a solution for the problem I'll be describing. I've got a Windows 2000 Terminal
Server, and the Terminal Server clients can browse the Internet using their
session. However, they need to be authenticated by a firewall appliance before
they are allowed, and their activity needs be logged on a user basis. The firewall I'm using testing
for the moment -WatchGuard Firebox II- cannot do what I want. Once a
Terminal Server user authenticates successfully, all other are allowed. This is
because my WatchGuard dynamically changes the ACLs, because of the successfull
authentication, and allows Internet access originated from the Terminal Server
Source IP. Additionally, it cannot log on a user basis, as far as my WatchGuard
is concerned it comes from the Terminal Server. I've also tested the Nortel
Contivity Instant Internet Gateway, and they have the same problem as above. During my
CheckPoint Firewall-1 training, I've asked the same question. The
Certified Instructor told me it wasn't possible on CP FW-1, for the same
reasons as described above. However, I didn't have the opportunity to test it
so far. Does anyone know a firewall which
can perform what I want? And if yes, can he or she describe how it is done? Any
help is welcome, and I thank you for the answer(s) to my question. Regards, Andy JONKERS |
- Firewall authentication & W2K Terminal Server Andy Jonkers
- RE: Firewall authentication & W2K Terminal Serv... Clark, Steve
- RE: Firewall authentication & W2K Terminal Serv... Kuff, Hal
- RE: Firewall authentication & W2K Terminal Serv... Clark, Steve
- RE: Firewall authentication & W2K Terminal Serv... Eric Samburn
- Re: Firewall authentication & W2K Terminal ... Andy Jonkers
- RE: Firewall authentication & W2K Terminal Serv... Clark, Steve
- RE: Firewall authentication & W2K Terminal Serv... John Steniger
- Re: Firewall authentication & W2K Terminal Serv... piranha x
- Re: Firewall authentication & W2K Terminal ... Laura A. Robinson
