Define 'easy' :-)
To do user-based authentication you need a user-authentication mechanism,
such as FW-1 accts (yuck) or a gateway to the NOS's acct db (think
RADIUS).
Alternatively you could do network based authentication by subnetting your
1000 users - check out www.monkeynoodle.org/lrp.html if you don't want to
buy another Cisco to do it with. The problem with this approach is that a
user from network A can theoretically plug into network B and get network
B's access rights, but that may not be a realistic problem (depending on
your floor layout, wiring, job descriptions, laptop v. desktop, &c).
HTH
Jack Coates, Rainfinity SE
t: 650-962-5301 m: 650-280-4376
On Fri, 30 Jun 2000, Ivan Fox wrote:
>
> Let's say I have 1000 internal users, only 500 of them need to pass through
> a firewall to access an FTP server in the DMZ. These 1000 users are using one
> big subnet, meaning that I cannot limit the access by "network". I don't
> want to create 500 user accounts on the firewall to avoid
> administration/performance overhead.
>
> Is there an easy way to handle this scenario?
>
> Any pointers are much appreciated.
>
> Regards,
>
> Ivan
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>