I have a question, hopefully somebody could give me a hand with. This might be trivial but i need to find a solution. I need to authenticate my internal users for access outbound (internet), but for ALL services, not just standard HTTP, FTP, TELNET, etc... I have a 4 internal subnets (10...xxx) with various users scattered thoughout them that need access out. All others I want kept in. My company does not want to do this via IP. In fact, they would like to have the authentication use basic NT login (or a provided list) so all authtentication would be transparent. I cannot user any user auth, due to the limitation of services. Transparent Client auth would be fine, but once a user on the network authenticates, all users under that same network are getting passed though the firewall, i've tested this many times and unless I"m setting this up wrong (which I dont believe i'm doing), this doesnt seem to work. I havent tested session auth as of yet, but I'm not sure if that will work either. I was curious to know if anybody else has this setup and what they are using and how.

[FW1] authentication