[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Fw: Need help with rule FW1 3.0b
Greetings You can do this with client auth, and by restricting the location (as defined in the "add user access" option). It's been a while since I used 3.0b, but the setup should be the same as on later versions. First, you'll have to create some users. Put them in the group "Clientauth_users" or something similar. Then create workstation objects for the PCs where they can browse the Internet from. Then put those in a group "www_pcs" Then, you'll have 2 rules. # source * destination * service * action 1 clientauth_users@internal_network * specific_machine * HTTP * client-auth. 2 clientauth_users@www_pcs * ANY * HTTP * client-auth. Anyone on your internal network can browse to your intranet machine(s) assuming they authenticate. Any of the same users, coming from select IPs, would also be able to browse the Internet. Regards jakevil ----- Original Message ----- From: "tom volpe" <[email protected]> To: <[email protected]> Sent: Thursday, February 08, 2001 4:21 PM Subject: [FW1] Fw: Need help with rule FW1 3.0b > > > > > I need help with a rule. I have a 'group' who needs access to the > internet and an internal web server from specific PC's with fixed/known > IP address's. > > From the above sentence I have determined the SOURCE- 'group', a > DESTINATION - 'any' with a known SERVICE - 'http'. > > > I need to add a rule. > > When a 'group' member uses an un-specified PC (unknown IP address) they > can still use the HTTP protocol to an 'internal web server' but not > have > access to the internet. > > Over all I'm trying to limit access to the internet from our internal > network for a specific group when they fail to use a predefined PC. > > Any help in this would be much appreciated. > > Sincerely, > Tom Volpe > Senior Network Janitor > > > > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|