Firewall Wizards mailing list archives

RE: Internet access control tied to users/group

From: "Stiennon,Richard" <richard.stiennon () gartner com>
Date: Wed, 7 Feb 2001 15:37:46 -0500

And of course, MS ISA server does this. 

-----Original Message-----
From: John Adams [mailto:jna () retina net]
Sent: Monday, February 05, 2001 5:16 PM
To: Anthony Di Donato
Cc: firewall-wizards () nfr net
Subject: Re: [fw-wiz] Internet access control tied to users/group

Cisco PIX can do this based on RADIUS or TACACS groups, as far as NT
integration goes, you could run an NT Radius server.

Alternately you can run the Microsoft proxy server.

-john

On 2 Feb 2001, Anthony Di Donato wrote:

Citrix Extranet does this

Hi Folks,

I have a need locate a proxy server (filtering if

possible) or firewall

to authorize services for users in an NT Domain

system AND provide

access control based upon group membership.

This could be one or two

systems (two servers would include an internal

server to tie into NT

Domains and authorize internal users for services

and the second a

firewall for the perimeter control).

Thus far I've determined that the choices are pretty

limited.  I've

found Border Manager can tie into NDS and apply

policy based on defined

groups.

Any other possibilities out there?

Other information:  This is an environment with alot

of diskless

workstations and most of them get their service

through Citrix servers

so the firewall either would see a dynamic address

for some special

services or the citrix servers IP for the majority of

users.


TIA.

___________________________________________
____

firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards


--
J. Adams                                        http://www.retina.net/~jna
You are supposed to be a consumer, a black hole for goods, advertising and
content. They only want to allocate enough upstream bandwidth for
10,000,000 buy buttons. Producing or sharing information is a subversive
act and will not be tolerated. -anonymous coward on /.


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Internet access control tied to users/group Anthony Di Donato (Feb 03)
- Re: Internet access control tied to users/group John Adams (Feb 07)
- <Possible follow-ups>
- RE: Internet access control tied to users/group Stiennon,Richard (Feb 08)
- RE: Internet access control tied to users/group Ben Nagy (Feb 08)