[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Meta IP - integration with fw-1
As far as I am aware, the integration of MetaIP to Firewall-1 is strictly for logging purposes. (DNS not DHCP) Normally, Firewall-1 logs the IP Addresses of inbound and outbound transactions. Integrating the dynamic DNS with DHCP will allow your users' system names to be logged to the Firewall-1 logs instead of just their IP Addresses. What you can do is use the DHCP system to make sure those users continually get an IP Address that would prevent them from getting to the Internet. You would give them a permanent reservation in DHCP, then you would need to create a couple of rules in your ruleset that would restrict both inbound and outbound access to the firewall to the IP ranges defined by your DHCP system. Then, also, their system names via the dynamic DNS would be written to the Firewall logs and you could watch them try to gain access to the Internet only to be rejected. However, unless you have specific rules in place governing system management (ie; they could lose their jobs if they were to manually change their IP Address to an address that has Internet access). Best regards, Layne Meier Network/Internet Analyst Atlanta Newspapers Lior Arbel wrote: > Hello All > I have Meta ip Newbe Question !!! > > I need help about intagretion of Meta ip with Fw-1 > i have DHCP and i want to block some users from access > to the Internet. > i have 300 users and want to block about 100 users > and i am thinking of buying meta ip , i have > checkpoint 4.1 sp3 unlimited. > do i need to configure on fw-1 all the 300 users or > the 100 users for the blocking or i can get the user > list from the Meta IP > > Best Regards > Lior Arbel > > __________________________________________________ > Do You Yahoo!? > Yahoo! Auctions - buy the things you want at great prices > http://auctions.yahoo.com/ > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|