JoeShmoe99
IS-IT--Management
We'd like to set up Checkpoint so that external users (on a seperate VLAN) are asked to authenticate with the Firewall at start-up. Once authenticated we'd like to know if its possible for Checkpoint to log the IP address of the user who has authenticated and effectively issue that IP address a 'ticket' to allow all protocols through the firewall from that IP address for a set period (i.e. 8 hours). Is this possible? This would save users having to re-authenticate for each application behind the firewall they wanted to access
Background: We have 2 VLANS, On one side we have a number of applications that sit in a data centre behind the firewall. The Firewalls currently in place are a redundant pair of Nokia IP 1260s running Checkpoint Firewall-1 NG FP2. Authentication through the firewall will be user based (LDAP authentication)via SMART Directory to integrate the Firewall user database AD
Ideally we want to force all users on the external VLAN to authehticate with the Firewall at startup and allow them to use all these applications through the firewall for the rest of the session ?
Background: We have 2 VLANS, On one side we have a number of applications that sit in a data centre behind the firewall. The Firewalls currently in place are a redundant pair of Nokia IP 1260s running Checkpoint Firewall-1 NG FP2. Authentication through the firewall will be user based (LDAP authentication)via SMART Directory to integrate the Firewall user database AD
Ideally we want to force all users on the external VLAN to authehticate with the Firewall at startup and allow them to use all these applications through the firewall for the rest of the session ?