> I beg to differ, it's trivial to implement. Internal users should not have
> direct access to the internet from the desktop period. Any time I've ever
> seen it requested, the inabilty to produce a business case to justify it
has
> been more than enough to stop the request dead.
>
> All browser access should be through a proxy server with proper
> authentication....
I quite agree. This has other spinoffs as well. You can keep your rulebase
down which means it's less easy to make mistakes, & reduces the server load.
Use a product such as Novell's BorderManager to handle all user
authentication & access.
Regards
Stewart
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
