I was not going to answer the question, because saman kumara dissanayake
didn't mind to post his question about 20 times, all with inappropriate
subject lines.
But now that he's getting wrong answers, I think I'd better correct
them.
I G schrieb:
saman kumara dissanayake wrote:
i am using fw-1 on nt .it is working fine.but i want to configre it to as
follows
set of people only for email access
set of people only for internet access
i ty like this
i create user
i create groups
if i put rules and servises it is not working
clients are using tcp/ip .how i popup password if their are try to access
internet.
plese try to advise me
saman
As far as i know, you cant do it by FW-1. Because this subject belongs
to HTTP and SMTP authentication.
Of course you can do that with FW-1. And saman is on the right way.
The rules he has to use are (assuming groups and users are created):
1. http-user-group any http->http-resource
user-authentication
2. http-user-group any http->http-resource reject
The users must configure their browsers to use the FW as proxy. The
resources have to be configured properly.
Rule 1 asks the users in the group http-user-group for username/password
before the connection is allowed. Rule 2 just prevents to fall back to a
less restrictive rule if one exists.
you can set up this with proxy-authentication. Use smtp and http proxy
which include authentication method to get you want.
FW-1 provides user authentication for http, ftp, smtp and telnet. Did I
forget a protocol?
Best regards,
Ilker G.