What are the options for doing user authentication on FW-1?

Most of the time all we require is HTTP and we handle that with MS proxy
sitting inside the firewall. Users point to the proxy and only the proxies
have permissions beyond the firewall.

We do get requests for other types of access and we have been handling them
by assigning specific IP addresses to the users' PCs and then allowing
those IP addresses through the firewall. It's grown to the point that it is
now a big pain to manage in this fashion. Especially as we get more laptops
and the users become mobile. Relying on a fixed IP no longer works.

I know that FW-1 has a user database and we can permit based on entries in
this database. I'm not keen on this because it is yet another id/password
for my users to endure. All our users are defined in NetWare's NDS. We also
are soon to have ACE Server soft-token and Radius for a separate dial
project.

Is there any way to get FW-1 to use the user list in NDS or authenticate
against the ACE/Radius? I'd like it to be transparent to the user. If
possible, not even prompting them for an ID or password. Am I dreaming?


----------------------------------------------------------------------------------------

Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [EMAIL PROTECTED]
Voice: (713) 235-6018
Fax: (713) 235-6890



