
RE: [FW1] Rules for internet access



Oops...true...sorry

I got a small LAN of 35 users, these users don't have rights to switch
computers. They do all their work on the same machine, so it was easier for
me to config my FW-1 the way I did...




-----Original Message-----
From: Murphy, Paul [mailto:[email protected]]
Sent: Thursday, November 09, 2000 09:36
To: 'Stephan Dubeau'; 'Norman Zhang';
[email protected]
Subject: RE: [FW1] Rules for internet access



I think Norman wanted to identify users based on their NT account rather
than the IP address they came from.

You could use client authentication, using RADIUS and defining a group under
NT.


-----Original Message-----
From: Stephan Dubeau [mailto:[email protected]]
Sent: 09 November 2000 13:51
To: 'Norman Zhang'; [email protected]
Subject: RE: [FW1] Rules for internet access


Here is the sample of my rules:

Administrator(group1) ---> Internal_net(NEGATE) ---> any ---> accept ---> no time restriction.
Project Manager(group2) ---> Internal_net(NEGATE) ---> Valid_services ---> accept ---> no time restriction.
Internal_net ---> Internal_net(NEGATE) ---> http_Block_sites (UFP Server(Websense)) ---> accept ---> TIME RESTRICTION (ex.: 12:00 to 13:00...lol..lunch break)

Group1: In this you will find the name & IP address of the internal
computers. (server, admin workstation for work, BOSS computer :) )
Group2: In this you will find the name & IP address of the internal
computers. (project managers who mostly need FTP access to client sites)
Valid_services: Ftp, http, https....that's all!!!

Of course you need to have fixed internal addresses (base 10.x.x.x or 192.x.x.x),
no DHCP. But you can manage DHCP to allow a fixed address for a specific machine.

My network is all Win NT.
FW-1 is NT also.

****************************************** 
* Follow your dream! Unless it's the one * 
* where you're at work in your underwear * 
* during a fire drill.                   * 
****************************************** 
*UNIX was never designed to keep people from doing stupid things, because
that policy would also keep them from doing clever things.*
******************************************
Dessinateur / Draftsman & 
Windows NT Administrator 
Stephan Dubeau
Dessin Structural B.D. inc.
B.D. Structural Design inc.
1400 Graham-Bell, Bureau/Office 300
Boucherville, Quebec, Canada
J4B 6H5
Tel.:
Fax:
mailto:[email protected] (Affaire/Business)
mailto:[email protected] (Amusement/Pleasure)


-----Original Message-----
From: Norman Zhang [mailto:[email protected]]
Sent: Wednesday, November 08, 2000 20:38
To: [email protected]
Subject: [FW1] Rules for internet access



Hi,

I have an NT domain hidden under NAT behind my firewall. I would like to set
up a rule to allow certain users for internet access. Would someone please
kindly tell me what rules that I need to set to enable these users to access
the internet while other users are restricted?

Thanks and regards,
Norman


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
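
Added example, not part of any message in this thread and not FireWall-1 syntax: a simplified first-match model of the three sample rules, showing that they key on the source workstation's address rather than on the NT account, which is the distinction raised in the replies. The 10.0.0.0/8 range, the host addresses, the rule names and the final drop are assumptions made for illustration.

```python
# Added illustration: simplified first-match model of the thread's three rules.
# Not FireWall-1 syntax; all addresses below are constructed samples.
from datetime import time
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")     # assumed internal range
GROUP1 = {ip_address("10.0.0.10")}          # admin workstation (constructed)
GROUP2 = {ip_address("10.0.0.20")}          # project-manager PC (constructed)
VALID_SERVICES = {"ftp", "http", "https"}   # as listed in the thread

# (rule name, source test, allowed services or None for "any", time window)
# The URL-filter (UFP) step of the third rule is reduced to plain "http" here.
RULES = [
    ("admins", lambda ip: ip in GROUP1, None, None),
    ("project_managers", lambda ip: ip in GROUP2, VALID_SERVICES, None),
    ("lunch_http", lambda ip: ip in INTERNAL_NET, {"http"},
     (time(12, 0), time(13, 0))),
]


def decide(src, dst, service, now):
    """Return (action, rule_name) for the first matching rule, else a drop."""
    src, dst = ip_address(src), ip_address(dst)
    for name, src_ok, services, window in RULES:
        if dst in INTERNAL_NET:             # destination is Internal_net(NEGATE)
            continue
        if not src_ok(src):
            continue
        if services is not None and service not in services:
            continue
        if window is not None and not (window[0] <= now <= window[1]):
            continue
        return ("accept", name)
    return ("drop", "cleanup")              # assumed final drop, no rule matched


if __name__ == "__main__":
    outside = "198.51.100.7"                # documentation-range address
    # Whoever is logged on at the admin workstation gets the admin rule.
    print(decide("10.0.0.10", outside, "telnet", time(9, 0)))
    # An administrator working from another PC only gets the lunch-hour rule.
    print(decide("10.0.0.99", outside, "telnet", time(9, 0)))
    print(decide("10.0.0.99", outside, "http", time(12, 30)))
```

The decision depends only on the source address, so the rules hold only while each user stays on one fixed-address machine.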

