[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] SecurID externally, no SecurID internally?
Right Ian, that's what we're doing now. The problem is that you them have to issue a SecurID token to anyone who uses that server, including internal users. That gets expensive quickly, and I really only need the additional security for users connecting from machines and locations out of our control. That's why I'm interested in the internal->password/external->SecurID solution. What I'm looking for is a way to get the client to handle the SecurID challenge without using Securemote. It almost seems impossible since the Citrix client has no knowledge of SecurID, so you'd have to run *something* on the client side to handle the authentication prior to ICA coming up. What that *something* is I don't know. Geoff -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Friday, February 23, 2001 12:05 PM To: [email protected] Cc: [email protected] Subject: RE: [FW1] SecurID externally, no SecurID internally? Hi Geoff The ACE/Agent for Windows NT/2000 runs on the Citrix MetaFrame Server. Upon logon to the MetaFrame Server, the user is challenged by both MetaFrame Security and SecurID passcode Security. There are installation papers for both NT and Win2K on the citrix site - go to the Solution Knowledge base and search on SecurID. In a Citrix environment, I find this a better alternative to using a VPN Client. Ian Watson -----Original Message----- From: Geoffrey Moon [mailto:[email protected]] Sent: Friday, February 23, 2001 6:05 AM To: [email protected] Subject: [FW1] SecurID externally, no SecurID internally? Anyone know of a way to require SecurID access to a server when the client (Citrix ICA) is outside the firewall, and allow access to that same server without using SecurID when the client is behind the firewall? Is it as simple as setting up an auth rule on the firewall, or do I have to use Securemote and hybrid auth to make this work? I'm trying to avoid Securemote since the ICA session is already encrypted. Geoff ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|