One way is to use a proxy inside your firewall with user authentication
enabled. You get local caching and all the logging you want.
What you want to use as your backend user database will help decide which
one... you mentioned NDS, so take a look at Novell's Proxy solution Border
Manager (again, not as a firewall, but as a place to cache locally AND track
on a per user basis). We are using CSM and my only real gripe is the
limitation of cache volume size under NT. Optimal size is 2 gigs, but I
have a 3 gigger which seems to work OK, but I have to clear it like every 4
hours to keep the server from crashing because the drive is full (which
isn't at all annoying....). Sometimes functionality requirements can hinder
maximum operability and efficiency when choosing a solution.
Novell's solution can do transparent authentication so users aren't required
to enter a password, but they are tracked on a per user basis, and Novell's
caching technology is based on Harvest and Squid, and is EXTREMELY fast.
Carric Dooley
Network Security Consultant
"I have often regretted my speech, never my silence."
- Xenocrates (396-314 B.C.)
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 30, 2000 10:22 AM
Subject: Handling Usernames in Firewall Reporting
>
>
> How are companies handling the mapping of Usernames to IP Addresses? My company
> is currently using static IP address assignment along with a very MANUAL
> database that has Names and IP addresses. This database is then imported into
> our Reporting Database (Telemate) in order to generate Internet Reports based
> on Names. I basically need a way to handle the following:
> 1 - Internal Firewall Authentication (TACACS, Radius, or Novell NDS etc.)
> 2 - Mapping of these signon names to their IP address for the purposes of
> Logging and Reporting Internet Traffic
>
> I am currently using Gauntlet, but I also have brought in Checkpoint and
> Meta/IP to possibly address these two issues with Meta/IP UAM mapping.
>
> Any comments or experiences would be great. I know that implementing a
> DHCP/DDNS solution would help us greatly, however, I still need to be able
> to keep a Username/IP Address mapping. (DHCP typically uses MAC and Windows
> PC Name which may not be accurate enough)
>
> Thanks,
> Tony Montesano
> Phillips-Van Heusen
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
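An added example, not part of either message in this thread: one way to turn an authenticating proxy's log into the username/IP mapping and per-user report discussed above. It assumes Squid's native access.log layout, where the authenticated name appears in the eighth field; the sample lines, user names, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines (not from the thread), Squid native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
959696520.101 120 10.1.4.21 TCP_MISS/200 4312 GET http://example.com/ alice DIRECT/192.0.2.10 text/html
959696525.412 15 10.1.4.21 TCP_HIT/200 1800 GET http://example.com/logo.gif alice NONE/- image/gif
959696590.007 310 10.1.4.37 TCP_MISS/200 9050 GET http://example.org/news bob DIRECT/192.0.2.20 text/html
959699900.550 95 10.1.4.21 TCP_MISS/200 2200 GET http://example.net/ bob DIRECT/192.0.2.30 text/html
959699950.000 3 10.1.4.50 TCP_DENIED/407 1500 GET http://example.com/ - NONE/- text/html
not a log line
"""

def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        ts, size = float(f[0]), int(f[4])
    except ValueError:
        return None
    # "-" in the user field means the request carried no authenticated name.
    user = None if f[7] == "-" else f[7]
    return {"ts": ts, "ip": f[2], "result": f[3], "bytes": size, "user": user}

def build_report(log_text):
    """Return (bytes per user, ip -> {user: (first, last)}, shared IPs, unauthenticated)."""
    bytes_by_user = defaultdict(int)
    sightings = defaultdict(dict)
    unauthenticated = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["user"] is None:
            unauthenticated.append((rec["ip"], rec["result"]))
            continue
        bytes_by_user[rec["user"]] += rec["bytes"]
        first = sightings[rec["ip"]].get(rec["user"], (rec["ts"], rec["ts"]))[0]
        sightings[rec["ip"]][rec["user"]] = (first, rec["ts"])
    # An address seen with more than one name cannot be reported by IP alone.
    shared = {ip: sorted(users) for ip, users in sightings.items() if len(users) > 1}
    return dict(bytes_by_user), dict(sightings), shared, unauthenticated

if __name__ == "__main__":
    print(build_report(SAMPLE_LOG))
```

The shared-address result is the case a static name/IP table gets wrong: the same address appears under two signon names, so only the per-request user field attributes the traffic correctly.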