Re: Firewalls acting as access controllers

[Chris Buechler <cbuechler () gmail com>]

On 5/25/05, Green Horn <teachgreenhorn () yahoo com> wrote:
> Do firewalls provide dynamically defined access
> control  i.e., can they act as access controllers.
> e.g., it should be able to do the following, a user
> tries to access a resource, the packets would come to
> the firewall, if they are HTTP packets and the user is
> new (from IP address not being in the authenticated
> list), the packets would be redirected to a webproxy,
> the webproxy tries to get the user authenticated by a
> AAA server (say RADIUS), the firewall would get an
> authorization message from the AAA server (or
> webproxy), saying the time the user must be allowed
> access, the resources he can access etc.
> The firewall would provide that access.

Some firewalls can certainly provide access like that or similar.  I
don't know about Check Point in particular.  m0n0wall
(http://m0n0.ch/wall/), an open source firewall project, has captive
portal functionality that you can use to force users to be
authenticated over HTTPS to a RADIUS server before being able to get
to the internet.  It's not quite as granular as you describe, but very
similar.  I'm sure some commercial products offer that functionality.

-Chris
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards