RE: [fw-wiz] Firewalls acting as access controllers

From: Paul Melson (psmelson_at_comcast.net)
Date: 05/26/05

  • Next message: Norman Zhang: "[fw-wiz] RPC 135"
    To: "'Green Horn'" <teachgreenhorn@yahoo.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 26 May 2005 12:01:51 -0400
    
    

    Yes, Check Point can do this in a variety of ways using authentication
    rules. What you are asking for sounds like 'partially-automatic client
    authentication'. More info here:
    http://www.phoneboy.com/bin/view.pl/FAQs/AuthenticationFAQs

    Several other common firewalls can do this, also. Cisco's PIX comes to
    mind, as well.

    PaulM

    -----Original Message-----
    Subject: [fw-wiz] Firewalls acting as access controllers

    Hi,
     I am new to firewalls.
    Do firewalls provide dynamically defined access control i.e., can they act
    as access controllers.
    e.g., it should be able to do the following, a user tries to access a
    resource, the packets would come to the firewall, if they are HTTP packets
    and the user is new (from IP address not being in the authenticated list),
    the packets would be redirected to a webproxy, the webproxy tries to get the
    user authenticated by a AAA server (say RADIUS), the firewall would get an
    authorization message from the AAA server (or webproxy), saying the time the
    user must be allowed access, the resources he can access etc.
    The firewall would provide that access.

    Can this be done by the firewalls in the market such as Checkpoint
    firewall-1

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Norman Zhang: "[fw-wiz] RPC 135"

    Relevant Pages

    • Re: integrated vs basic
      ... I create an IIS site http://mysite and only set it up to use integrated ... > Integrated Windows Authentication actually involves two separate ... > The first currently means Kerberos, ... and generally firewalls block access ...
      (microsoft.public.inetserver.iis.security)
    • Re: integrated vs basic
      ... IIS Blog: www.adopenstatic.com/cs/blogs/ken/ ... :> Integrated Windows Authentication actually involves two separate ... :> The first currently means Kerberos, ... :> Kerberos doesn't work through most firewalls because in order to use ...
      (microsoft.public.inetserver.iis.security)
    • Re: [fw-wiz] Proxies, opensource and the general market: whats wrong with us?
      ... implemented and satisfy a lot of needs (technical needs that is, ... management makes a decision that "all firewalls are going to be Cisco" ... Multiple groups per user are allowed, authentication ... does it use the same over-the-wire protocol as the fwtk authsrv ...
      (Firewall-Wizards)
    • Re: [fw-wiz] Firewalls acting as access controllers
      ... firewalls act as access controllers. ... using headers designed for proxy authentication. ... One needs out-band authentication there. ...
      (Firewall-Wizards)
    • Re: NTLM through firewall?
      ... I've tried this from Win2k server & WinXP ... However - I even get AuthenticationType "NTLM" when I change my ... authentication to "Basic Authentication" only - and disable Chall/Resp. ... My conclusion is that NTLM will work through firewalls w/ Win2k+ ...
      (microsoft.public.inetserver.iis.security)