[FW1] Creating 'Restrictive Services' ...



I'm currently using a Client Authentication method to allow users to access
internet services.  However, the current rulebase allows a specific group of
users access to all remote hosts via http.  What I'm trying to accomplish is
to restrict certain hosts from one group, but allow another group to access
them.  I thought I had it working; however, the rulebase seems to ignore the
'Special' group and drop the packets anyways.  My current setup is something
like this:

"Restricted Services Group" contains the hosts I want to restrict access to
(Napster servers, for example).
"Special Users" contains the users that I want to be able to access the
'Restricted Hosts'.
"InternalUsers" contains the users who get general access to the internet --
anyone in 'Special Users' is here also.
"priv_net" is the local private network where the users' workstations are
connected.
"Client Authentication" is configured as Standard and Partially Automatic
Login and expires every 12 hours.  Infinite Connections.

Rule1:  SpecialUsers@priv_net -> Restricted Services Group -> Any Service -> Client Auth
Rule2:  Any Source -> Restricted Services Group -> Any Service -> Drop
Rule3:  InternalUsers@priv_net -> Any Destination -> Any Service -> Client Auth
Rule4:  Any Source -> Any Destination -> Any Service -> Drop

Am I going about this all wrong?  It's been a long day and I'm sure I'm just
missing something silly.  Any input would be greatly appreciated.

Thanks in advance.

Joe.


   All contents © 2004 Network Presence, LLC. All rights reserved.