Another solution is to use authentication on the firewall.
You can create an account on the firewall (one user and the corresponding
password),
then you give the login/pass to the authorized users.
They connect to
http://internal_or_external_Firewall_Interface:900
or telnet to internal_or_external_Firewall_Interface port 259.
(Maybe you think it is not secure to let them know the firewall address, but
if they do a traceroute they can know the interface address.)
It is one solution; maybe you think it is not interesting...
but I've already used it for such a problem, but not for 500 users; it was
fewer, hopefully!
> Francis THELLIER
>
>
> -----Original Message-----
> From: Ivan Fox [SMTP:[EMAIL PROTECTED]]
> Date: Friday, 30 June 2000 15:29
> To: Firewall-1
> Subject: [FW1] groups
>
>
> Let's say I have 1000 internal users; only 500 of them need to pass
> through a firewall to access an FTP server in the DMZ. These 1000 users
> are using one big subnet, meaning that I cannot limit the access by
> "network". I don't want to create 500 user accounts on the firewall, to
> avoid administration/performance overhead.
>
> Is there an easy way to handle this scenario?
>
> Any pointers are much appreciated.
>
> Regards,
>
> Ivan
>
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======