Firewall authentication & W2K Terminal Server

[Andy Jonkers]

Hey,   I'm looking for a firewall, which can give me a solution for the problem I'll be describing.   I've got a Windows 2000 Terminal Server, and the Terminal Server clients can browse the Internet using their session. However, they need to be authenticated by a firewall appliance before they are allowed, and their activity needs be logged on a user basis.   The firewall I'm using testing for the moment -WatchGuard Firebox II- cannot do what I want. Once a Terminal Server user authenticates successfully, all other are allowed. This is because my WatchGuard dynamically changes the ACLs, because of the successfull authentication, and allows Internet access originated from the Terminal Server Source IP. Additionally, it cannot log on a user basis, as far as my WatchGuard is concerned it comes from the Terminal Server. I've also tested the Nortel Contivity Instant Internet Gateway, and they have the same problem as above. During my CheckPoint Firewall-1 training, I've asked the same question. The Certified Instructor told me it wasn't possible on CP FW-1, for the same reasons as described above. However, I didn't have the opportunity to test it so far.   Does anyone know a firewall which can perform what I want? And if yes, can he or she describe how it is done? Any help is welcome, and I thank you for the answer(s) to my question.   Regards, Andy JONKERS