Josh,
There are two ways that we have to identify users beyond the integration partner (in
your case currently the Microsoft Proxy Server and soon to be the FireWall-1
system), and we have numerous successful installations using either or both
methods. The first, as you mentioned, is what we call the DC Agent.
It is an application that can monitor the logons to your Windows-based domain
controllers (either NT or Windows 2000) and associate the user name with the
workstation IP address. So, when the FireWall sends the workstation IP
address through the UFP request, we can then associate a name with that
request. The other method is to manually challenge the user to
provide a user name and password to the Websense Server. This only works
with FireWall-1 v4.1 SP3 and later. With this method we can authenticate
users against either an LDAP server or a Windows-based domain controller, and if
successful, associate the user with that workstation IP
address.
There are several other things to consider on this type of configuration change.
You may want to contact our Technical Support department to talk to them about
the advantages and disadvantages of the changes you are considering. They
can be reached either by calling 858-458-2940 or by this web site http://www.websense.com/support/form/index.cfm
Thank you.
-----Original Message-----
From: Perrymon, Josh L. [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 14, 2002 12:32 PM
To: [EMAIL PROTECTED]
Subject: [FW-1] Using WebSense instead of proxy servers

Hello,
I want to set up Websense with my FW-1 installation and phase out the MS proxy servers. Currently we use proxies because they authenticate our users. (Some users aren't allowed WWW access and others are.) We use DHCP and have 300-700 users so DENY rules wouldn't be efficient. Is anyone using Websense/FW-1 to authenticate users for WWW? And what problems have you run into? I hear there is an agent you install on your domain controllers to query the users DB.
Thanks
Josh Perrymon
Network Security Consultant
BE&K , INC
(205) 972-6745
