I think Norman wanted to identify users based on their NT account rather
than the IP address they came from.
You could use client authentication, using RADIUS and defining a group under
NT.
-----Original Message-----
From: Stephan Dubeau [mailto:[EMAIL PROTECTED]]
Sent: 09 November 2000 13:51
To: 'Norman Zhang'; [EMAIL PROTECTED]
Subject: RE: [FW1] Rules for internet access
Here is the sample of my rules:
Administrator(group1)------>Internal_net(NEGATE)---->any--------------->acce
pt--->no time restriction.
Project
Manager(group2)--->Internal_net(NEGATE)--->Valid_services---->accept-->no
time restriction.
Internal_net------------------>Internal_net(NEGATE)---->http_Block_sites
(UFP Server(Websense))---->accept---->TIME RESTRICTION (ex.:12:00 to
13:00...lol..lunch break)
Group1: In this you will find the name & IP address of the internal
computers. (server, admin workstation for work, BOSS computer :) )
Group2: In this you will find the name & IP address of the internal
computers. (project manager who mostly need FTP access to client sites)
Valid_services: Ftp, http, https....that all!!!
Of course you need to have FIX internal address (base 10.x.x.x or 192.x.x.x)
no DHCP. But you can manager DHCP to allow FIX address to specific machine.
My network is all Win NT.
FW-1 is NT also.
******************************************
* Follow your dream! Unless it's the one *
* where you're at work in your underwear *
* during a fire drill. *
******************************************
*UNIX was never designed to keep people from doing stupid things, because
that policy would also keep them from doing clever things.*
******************************************
Dessinateur / Draftsman &
Windows NT Administrator
Stephan Dubeau
Dessin Structural B.D. inc.
B.D. Structural Design inc.
1400 Graham-Bell, Bureau/Office 300
Boucherville, Quebec, Canada
J4B 6H5
Tel.: (450) 641-1434
Fax: (450) 449-1772
mailto:[EMAIL PROTECTED] (Affaire/Business)
mailto:[EMAIL PROTECTED] (Amusement/Pleasure)
-----Original Message-----
From: Norman Zhang [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 08, 2000 20:38
To: [EMAIL PROTECTED]
Subject: [FW1] Rules for internet access
Hi,
I have an NT domain hidden under NAT behind my firewall. I would like to set
up a rule to allow certain users for internet access. Would someone please
kindly tell me what rules that I need to set to enable these users to access
the internet while other users are restricted?
Thanks and regards,
Norman
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
*===========================================================================
=================*
L'information confidentielle incluse dans ce courrier �lectronique
s'adresse uniquement � la personne, physique ou morale, vis�e.
Toute utilisation, copie, divulgation ou distribution non
autoris�e de ce document est strictement interdite.
Si vous n'�tes pas la personne concern�e par cette transmission
�lectronique, veuillez d�truire ce document et nous aviser par
courriel ou par t�l�phone au (450)641-1434. Les opinions
�mises dans ce courriel ne repr�sentent pas n�cessairement des
opinions v�hicul�es par Dessin Structural B.D. inc.
*===========================================================================
=================*
The confidential Information contained in this e-mail is
intended only for the person or entity to which it is addressed.
Any use, disclosure, copying or distribution of this document is
prohibited and may be unlawful. If you are not the intended
recipient, please destroy this document and notify us by e-mail
or by phone (450)641-1434. Any opinions contained within this
e-mail are not necessarily the opinions of
B.D. Structural Design inc.
*===========================================================================
=================*
-----------------------------------------------------------------------------------------------------------------------
This e-mail is intended only for the above addressee. It may contain
privileged information. If you are not the addressee you must not copy,
distribute, disclose or use any of the information in it. If you have
received it in error please delete it and immediately notify the sender.
evolvebank.com is a division of Lloyds TSB Bank plc.
Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS. Registered in
England, number 2065. Telephone No: 020 7626 1500
Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street,
Edinburgh EH2 4LH. Registered in Scotland, number 95237. Telephone
No: 0131 225 4555
Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the
Personal Investment Authority and represent only the Scottish Widows
and Lloyds TSB Marketing Group for life assurance, pensions and
investment business.
Members of the UK Banking Ombudsman Scheme and signatories to the UK
Banking Code.
-----------------------------------------------------------------------------------------------------------------------
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
