Re: [fw-wiz] Firewalls acting as access controllers

From: Chris Buechler (cbuechler_at_gmail.com)
Date: 05/26/05

  • Next message: Magosányi Árpád: "Re: [fw-wiz] Firewalls acting as access controllers" 
    To: Green Horn <teachgreenhorn@yahoo.com>
Date: Wed, 25 May 2005 20:12:23 -0400

    On 5/25/05, Green Horn <teachgreenhorn@yahoo.com> wrote:
    >
    > Do firewalls provide dynamically defined access
    > control i.e., can they act as access controllers.
    > e.g., it should be able to do the following, a user
    > tries to access a resource, the packets would come to
    > the firewall, if they are HTTP packets and the user is
    > new (from IP address not being in the authenticated
    > list), the packets would be redirected to a webproxy,
    > the webproxy tries to get the user authenticated by a
    > AAA server (say RADIUS), the firewall would get an
    > authorization message from the AAA server (or
    > webproxy), saying the time the user must be allowed
    > access, the resources he can access etc.
    > The firewall would provide that access.
    >

    Some firewalls can certainly provide access like that or similar. I
    don't know about Check Point in particular. m0n0wall
    (http://m0n0.ch/wall/), an open source firewall project, has captive
    portal functionality that you can use to force users to be
    authenticated over HTTPS to a RADIUS server before being able to get
    to the internet. It's not quite as granular as you describe, but very
    similar. I'm sure some commercial products offer that functionality.

    -Chris
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Magosányi Árpád: "Re: [fw-wiz] Firewalls acting as access controllers"

    Relevant Pages

    • Re: REPOST: Authentication, Authorization TO Firewall
      ... can they act as access controllers. ... the firewall, if they are HTTP packets and the user is ... list), the packets would be redirected to a webproxy, ...
      (comp.security.firewalls)
    • Re: CEICW fails at firewall config
      ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
      (microsoft.public.windows.server.sbs)
    • Re: Recycler security issues on IIS server
      ... > latest upates to the server. ... > like to see the server put behind our firewall, ... other software, install all patches, IISlockdown, URLscan, use the correct ... the procedures you follow may vary depending on your security needs. ...
      (microsoft.public.inetserver.iis.security)
    • Re: ISA SERVER NOT STARTING
      ... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
      (microsoft.public.windows.server.sbs)
    • Re: For Microsoft Partners and Customers Who Cant Download or Access
      ... to reconfigure the firewall, but to use a static IP on your client ... and to make sure that the DNS server entries on the client are ... Microsoft for msdn2.microsoft.com. ... use a static IP and set the DNS server addresses to the DNS ...
      (microsoft.public.dotnet.general)