[FW1] Creating 'Restrictive Services' ...

I'm currently using a Client Authentication method to allow users to access internet services. However, the current rulebase allows a specific group of users access to all remote hosts via http. What I'm trying to accomplish is to restrict certain hosts from one group, but allow another group to access them. I thought I had it working; however, the rulebase seems to ignore the 'Special' group and drop the packets anyways.

My current setup is something like this:

"Restricted Services Group" contains the hosts I want to restrict access to (Napster servers, for example).

"Special Users" contains the users that I want to be able to access the 'Restricted Hosts'.

"InternalUsers" contains the users who get general access to the internet -- anyone in 'Special Users' is here also.

"priv_net" is the local private network where the users' workstations are connected.

"Client Authentication" is configured as Standard and Partially Automatic Login and expires every 12 hours. Infinite Connections.

Rule1: SpecialUsers@priv_net -> Restricted Services Group -> Any Service -> Client Auth
Rule2: Any Source -> Restricted Services Group -> Any Service -> Drop
Rule3: InternalUsers@priv_net -> Any Destination -> Any Service -> Client Auth
Rule4: Any Source -> Any Destination -> Any Service -> Drop

Am I going about this all wrong? It's been a long day and I'm sure I'm just missing something silly. Any input would be greatly appreciated.

Thanks in advance.

Joe.