Hey, If I understand you well, you want to authenticate and log Internet usage originated from Terminal Server users. As far as I know a PIX can't authenticate those users before accessing the Internet Services, nor can it log their activity. This is because of the single source address from the Terminal Server itself. However, as you are already using Microsoft software (Terminal Server with or without Citrix), why don't you use a MS Proxy or ISA Server. The MS Proxy/ISA can log and authenticate Terminal Services Internet users.
Regards, Andy ----- Original Message ----- From: "Kuff, Hal" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 10, 2002 2:50 AM Subject: Windows Terminal Server > > > We're looking for a way to differentiate/authenticate between uses > on a Windows Terminal Server..... in firewall logs... Pix would be > preferable..... Remember that all users have the same ip address, that of > the terminal server itself so a proxy type box would see a user session in a > similar fashion to multiple copies of IE/Netscape/Telnet on a single > workstation.. i.e imagine 200 browser sessions coming from one address but > actually 200 separate NT user sessions... > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
