Firewall Wizards mailing list archives

Re: NT User Access/ Checkpoint FW1


From: "Rodney van den Oever" <roever () nse simac nl>
Date: Sat, 7 Nov 1998 23:15:43 +0100

Is there any way to limit a user's internet rights through an NT login?
Based on what I know so far, if I've got a group of 100 users...  The only
way to exclude or include a user would be by using IP address?  If the
group of 100 is on the same hub using DHCP to assign addresses, or frequent
desk changes are a fact of life, the delegation of internet rights using IP
addresses is no longer valid.

My question is, is there any way to assign rights through Checkpoint FW1
using an NT Login?

Not directly, but here are two work-arounds:

1. Use a RADIUS server that can proxy NT-logins, like Shiva's Access Manager or Cisco's Secure ACS (both running on NT).

or

2. Let your internal users connect to a MS-Proxy-server. Only allow the proxyserver's IP outgoing http/ftp through FW-1.


--
Rodney van den Oever / 0x06 3547CA1 / PGP Key ID 0x0A6CCE53
'It's not who you kill. It's what type of cereal you eat out of their skull.' - Cal Jones



