[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Rules for internet access
oups...true...sorry I got a small LAN of 35 user, these users dont have rights to switch computer. They do all there work on the same machine, so it was easier for me to config my FW-1 the way I did... -----Original Message----- From: Murphy, Paul [mailto:[email protected]] Sent: Thursday, November 09, 2000 09:36 To: 'Stephan Dubeau'; 'Norman Zhang'; [email protected] Subject: RE: [FW1] Rules for internet access I think Norman wanted to identify users based on their NT account rather than the IP address they came from. You could use client authentication, using RADIUS and defining a group under NT. -----Original Message----- From: Stephan Dubeau [mailto:[email protected]] Sent: 09 November 2000 13:51 To: 'Norman Zhang'; [email protected] Subject: RE: [FW1] Rules for internet access Here is the sample of my rules: Administrator(group1)------>Internal_net(NEGATE)---->any--------------->acce pt--->no time restriction. Project Manager(group2)--->Internal_net(NEGATE)--->Valid_services---->accept-->no time restriction. Internal_net------------------>Internal_net(NEGATE)---->http_Block_sites (UFP Server(Websense))---->accept---->TIME RESTRICTION (ex.:12:00 to 13:00...lol..lunch break) Group1: In this you will find the name & IP address of the internal computers. (server, admin workstation for work, BOSS computer :) ) Group2: In this you will find the name & IP address of the internal computers. (project manager who mostly need FTP access to client sites) Valid_services: Ftp, http, https....that all!!! Of course you need to have FIX internal address (base 10.x.x.x or 192.x.x.x) no DHCP. But you can manager DHCP to allow FIX address to specific machine. My network is all Win NT. FW-1 is NT also. ****************************************** * Follow your dream! Unless it's the one * * where you're at work in your underwear * * during a fire drill. * ****************************************** *UNIX was never designed to keep people from doing stupid things, because that policy would also keep them from doing clever things.* ****************************************** Dessinateur / Draftsman & Windows NT Administrator Stephan Dubeau Dessin Structural B.D. inc. B.D. Structural Design inc. 1400 Graham-Bell, Bureau/Office 300 Boucherville, Quebec, Canada J4B 6H5 Tel.:Fax:mailto:[email protected] (Affaire/Business) mailto:[email protected] (Amusement/Pleasure) -----Original Message----- From: Norman Zhang [mailto:[email protected]] Sent: Wednesday, November 08, 2000 20:38 To: [email protected] Subject: [FW1] Rules for internet access Hi, I have an NT domain hidden under NAT behind my firewall. I would like to set up a rule to allow certain users for internet access. Would someone please kindly tell me what rules that I need to set to enable these users to access the internet while other users are restricted? Thanks and regards, Norman ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== *=========================================================================== =================* L'information confidentielle incluse dans ce courrier électronique s'adresse uniquement à la personne, physique ou morale, visée. Toute utilisation, copie, divulgation ou distribution non autorisée de ce document est strictement interdite. Si vous n'êtes pas la personne concernée par cette transmission électronique, veuillez détruire ce document et nous aviser par courriel ou par téléphone au. Les opinions émises dans ce courriel ne représentent pas nécessairement des opinions véhiculées par Dessin Structural B.D. inc. *=========================================================================== =================* The confidential Information contained in this e-mail is intended only for the person or entity to which it is addressed. Any use, disclosure, copying or distribution of this document is prohibited and may be unlawful. If you are not the intended recipient, please destroy this document and notify us by e-mail or by phone. Any opinions contained within this e-mail are not necessarily the opinions of B.D. Structural Design inc. *=========================================================================== =================* ---------------------------------------------------------------------------- ------------------------------------------- This e-mail is intended only for the above addressee. It may contain privileged information. If you are not the addressee you must not copy, distribute, disclose or use any of the information in it. If you have received it in error please delete it and immediately notify the sender. evolvebank.com is a division of Lloyds TSB Bank plc. Lloyds TSB Bank plc, 71 Lombard Street, London EC3P 3BS. Registered in England, number 2065. Telephone No: 020 7626 1500 Lloyds TSB Scotland plc, Henry Duncan House, 120 George Street, Edinburgh EH2 4LH. Registered in Scotland, number 95237. Telephone No:Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the Personal Investment Authority and represent only the Scottish Widows and Lloyds TSB Marketing Group for life assurance, pensions and investment business. Members of the UK Banking Ombudsman Scheme and signatories to the UK Banking Code. ---------------------------------------------------------------------------- ------------------------------------------- *============================================================================================* L'information confidentielle incluse dans ce courrier électronique s'adresse uniquement à la personne, physique ou morale, visée. Toute utilisation, copie, divulgation ou distribution non autorisée de ce document est strictement interdite. Si vous n'êtes pas la personne concernée par cette transmission électronique, veuillez détruire ce document et nous aviser par courriel ou par téléphone au. Les opinions émises dans ce courriel ne représentent pas nécessairement des opinions véhiculées par Dessin Structural B.D. inc. *============================================================================================* The confidential Information contained in this e-mail is intended only for the person or entity to which it is addressed. Any use, disclosure, copying or distribution of this document is prohibited and may be unlawful. If you are not the intended recipient, please destroy this document and notify us by e-mail or by phone. Any opinions contained within this e-mail are not necessarily the opinions of B.D. Structural Design inc. *============================================================================================*Title: RE: [FW1] Rules for internet access oups...true...sorry I got a small LAN of 35 user, these users dont have rights to switch computer. They do all there work on the same machine, so it was easier for me to config my FW-1 the way I did... -----Original Message-----
I think Norman wanted to identify users based on their NT account rather
You could use client authentication, using RADIUS and defining a group under
-----Original Message-----
Here is the sample of my rules: Administrator(group1)------>Internal_net(NEGATE)---->any--------------->acce
Group1: In this you will find the name & IP address of the internal
Of course you need to have FIX internal address (base 10.x.x.x or 192.x.x.x)
My network is all Win NT.
******************************************
-----Original Message-----
Hi, I have an NT domain hidden under NAT behind my firewall. I would like to set
Thanks and regards,
============================================================================
*===========================================================================
-----------------------------------------------------------------------------------------------------------------------
evolvebank.com is a division of Lloyds TSB Bank plc.
Lloyds TSB Bank plc and Lloyds TSB Scotland plc are regulated by the
Members of the UK Banking Ombudsman Scheme and signatories to the UK
|