We use Juniper SRX5800 firewalls at the border, and NAT turnover is extremely quick. The STRM software makes identifying private IPs for a specific day/time very easy (query public IP at X time, and it IDs the private for you). Then, we use ISC for DHCP, so just query the logs for that private IP).
Connected by Motorola Charles Rumford <[email protected]> wrote: >We are currently investigating different NAT solutions and deployments, and I >would be curious how other schools handle the legal aspects of connection >tracking, and keeping users accountable for their actions. > >We are starting from scratch, and open to trying and investigating different >solutions. > >-Charles > >On Jun 19, 2013, at 11:43 AM, Michael Hulko <[email protected]> wrote: > >> >> This subject was introduced a year ago, and several schools had varying >> methods of recording NAT'd communications for legal requirements. Several >> schools use the same process as we do, using a combination of Airwave, >> LanGuardian, and Netflow. We had avoided using Connection tracking local on >> the box as we feel that this would greatly impact service. I am interested >> to know what other schools are doing in this arena, if anything? >> >> Michael Hulko >> Network Analyst >> >> Western University Canada >> Network Operations Centre >> Information Technology Services >> 1393 Western Road, SSB 3300CC >> London, Ontario N6G 1G9 >> >> tel: 519-661-2111 x81390 >> e-mail: [email protected] <mailto:[email protected]> >> >> >> >> >> >> ********** Participation and subscription information for this EDUCAUSE >> Constituent Group discussion list can be found at >> http://www.educause.edu/groups/. >> > >********** >Participation and subscription information for this EDUCAUSE Constituent Group >discussion list can be found at http://www.educause.edu/groups/. > >!DSPAM:911,51c3c7b2148776620581884! > >
