Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] Impossible Problem for NG?

To: [email protected]
Subject: [FW-1] Impossible Problem for NG?
From: Christopher Collins <[email protected]>
Date: Wed, 4 Sep 2002 11:08:51 -0400
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

This may be a little long-winded to explain my situation...

We want to be able to track people by there Windows 2000 Active Directory
usernames no matter what computer they surf from.

We would like to upgrade to NG and have NG use RADIUS to tie into Active
Directory through Microsoft IAS Server. Question 1: Does this authentication
require users to input there username and password to access the web or does
this authentication take place in the background (single sign-on)?

We also have remote users that dial into Microsoft Terminal Server (with
Citrix client) to gain access to our internal network. Browsing the Internet
is then available to them as if they were part of our internal network. All
Internet access goes out through Check Point.

My understanding is that this authentication method uses IP to username
mappings, and therefore when the first person logged on to Terminal Server,
that person would be authenticating for all users of Terminal Server (as it
is a single IP address with multiple users).

Question 2 - Does anyone see any way that we can track users by their domain
username when they surf the Internet, both from the corporate network and
when they dial in through Terminal Server?

Microsoft ISA Server was suggested, but it sucks bad, and too much
functionality will be lost if we implement it. RealPlayer, Windows Media
Player, QuickTime, Shockwave, etc...

I want to use NG, but an "expert" told me it couldn't solve both username
and Terminal Server issues.

All questions, concerns, feedback, solutions are welcome.

Cheers,
Chris

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Where is archives of FW-1 mailinglist?
Next by Date: [FW-1] Mac OS X and VPN
Previous by thread: [FW-1] SV: [FW-1] AW: [FW-1] Popen failed
Next by thread: Re: [FW-1] Impossible Problem for NG?
Index(es):
- Date
- Thread