RE: [FW1] FW1 & Floodgate

Cannella, Michael (ISS Southfield) Thu, 08 Jun 2000 11:11:16 -0700

Well, I don't know what version of the FW you're running (nor have I
configured it myself outside of a test lab), but the following is possible.

Use MetaIP for DHCP, run the UAT (User Authentication Trap, I think) on all
of your DCs, the UAM (User to Address Mapper) on your Management Server.

The result is that you create a mapping of:
      Domain User<-->IP address<-->Hostname<-->MAC Addr.

This lets you base Floodgate rules on the user.  Mapping the user to the
host for bandwidth management happens on the fly, no matter what box they
use.


I would recommend making sure the versions of FW and floodgate required,
although I've gotten it going (in a completely artificial test environment)
on MetaIP 4.1, Floodgate-1 4.1, VPN-1/FW-1 4.1 SP1, and (I think) NT4 SP4 or
SP5.

Good luck

Michael

-----michael cannella     mcse, ccsi  mailto:[EMAIL PROTECTED]
-----Internet Security Systems, Secure University
-----http://www.iss.net/



> -----Original Message-----
> From: Michel Toussaint [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 08, 2000 10:58 AM
> To: Fw-1-Mailinglist (E-mail)
> Subject: [FW1] FW1 & Floodgate
> 
> 
> 
> With a FW-1 + Floodgate1.5:
> Can I set the bandwidth per user with authentication to a NT Domain ?
> Let say for example that users of group "mp3 jerks" are 
> limited to 14.4
> Kbits/sec.
> 
> Currently, when someone doesn't respect the company policies, 
> I have to
> limit the bw using his or her IP address. Well, this works 
> but it's far from
> being convenient.
> 
> Any help appreciated ;-)
> 
> -----------------  FROM : ---------------
> Michel Toussaint,MCSE
> System Administrator
> Eonic Systems NV
> Mailto:[EMAIL PROTECTED]
> Vcard http://www.eonic.com/vcards/mto.vcf
> - From Deep Space To Deep Sea -
> Web site: http://www.eonic.com
> -----------------------------------------
> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] FW1 & Floodgate

Reply via email to
