RE: [fw-wiz] Firewalls acting as access controllers
From: Paul Melson (psmelson_at_comcast.net)
To: "'Green Horn'" <email@example.com>, <firstname.lastname@example.org> Date: Thu, 26 May 2005 12:01:51 -0400
Yes, Check Point can do this in a variety of ways using authentication
rules. What you are asking for sounds like 'partially-automatic client
authentication'. More info here:
Several other common firewalls can do this, also. Cisco's PIX comes to
mind, as well.
Subject: [fw-wiz] Firewalls acting as access controllers
I am new to firewalls.
Do firewalls provide dynamically defined access control i.e., can they act
as access controllers.
e.g., it should be able to do the following, a user tries to access a
resource, the packets would come to the firewall, if they are HTTP packets
and the user is new (from IP address not being in the authenticated list),
the packets would be redirected to a webproxy, the webproxy tries to get the
user authenticated by a AAA server (say RADIUS), the firewall would get an
authorization message from the AAA server (or webproxy), saying the time the
user must be allowed access, the resources he can access etc.
The firewall would provide that access.
Can this be done by the firewalls in the market such as Checkpoint
firewall-wizards mailing list