Create a user group and user id for those who need download access. Then create a rule that reads as such
[EMAIL PROTECTED] any destination service=http&ftp (or what ever you need) action=client authentication. Then, those users who need to download can telnet to <your firewall> on port 259 to authenticate. You could also configure the authentication through a web page. Keep in mind that if your users are sharing a desktop, if one user authenticates all will gain access. On 1/7/04 3:23 PM, "Juan Andres Galavis" <[EMAIL PROTECTED]> wrote: > Hello Gurus, > > I'm trying to configure http resources but can't really manage to achieve > what I need. > > Here is the big picture: > I've got this rule: source->any destination->my_intenal_net > service->http_resource action->accept > My internal net can perfectly surf on the web, but they cannot download any > attachments or applications. This is Ok (it's great!) but some users (not > all) need to download attachments and applications. > > What I am trying to achieve is to permit web surfing but limit web > downloading (attachments, applications, documents, etc.). Just specific > users are authorized to download files from Internet. > > Please guide me with your knowledge to accomplish this task! Thanks in > advance.... > > Saludos/Cheers, > > Juan Andr�s Galav�s > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
