Firewall Wizards mailing list archives
Layer 3 / Layer 7 integration
From: "P OS" <research.questions.contact () googlemail com>
Date: Fri, 28 Nov 2008 15:23:24 +0000
Hello All, We have a Netscreen firewall, but we are also open to other alternatives. I am wondering if the following is possible: - clients connect to our system using a custom protocol on top of TCP/IP - a unique userId will be used to identify each user, as source ip is not enough - each client can only be allowed to connect to 1 IP per day. No matter how many times a client logs on/off during the day, they must be assigned the same IP. The allocation of IP address should be random, but I imagine this should be ok to script (flush table at midnight etc.). This IP will then change the following day. If the client has an established connection, do not inspect the packets as we are worried about latency. A strange business requirement, I know! - To achieve these requirements, I would like to know if the following is possible: - At layer 3, if the connection is already established, let the connection process without any inspection. - At layer 7, if the connection is not already established, inspect the unique userId in the protocol and forward onto assigned IP. - I am just wondering, does this sound reasonable or would there be any better alternatives? Thank-you very much for your time, I appreciate your help.
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Layer 3 / Layer 7 integration P OS (Nov 28)