Thanks, however, this would require to install MetaIP, which is a thing I'de
like to avoid. I'm happy enough with DNS and WINS.
FYI, versions are 4.0SP5 for FW-1 and 1.5 for FG. on NT4SP5
Thanks
----------------- FROM : ---------------
Michel Toussaint,MCSE
System Administrator
Eonic Systems NV
Mailto:[EMAIL PROTECTED]
Vcard http://www.eonic.com/vcards/mto.vcf
- From Deep Space To Deep Sea -
Web site: http://www.eonic.com
-----------------------------------------
-----Original Message-----
From: Cannella, Michael (ISS Southfield) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2000 7:58 PM
To: Michel Toussaint; Fw-1-Mailinglist (E-mail)
Subject: RE: [FW1] FW1 & Floodgate
Well, I don't know what version of the FW you're running (nor have I
configured it myself outside of a test lab), but the following is possible.
Use MetaIP for DHCP, run the UAT (User Authentication Trap, I think) on all
of your DCs, the UAM (User to Address Mapper) on your Management Server.
The result is that you create a mapping of:
Domain User<-->IP address<-->Hostname<-->MAC Addr.
This lets you base Floodgate rules on the user. Mapping the user to the
host for bandwidth management happens on the fly, no matter what box they
use.
I would recommend making sure the versions of FW and floodgate required,
although I've gotten it going (in a completely artificial test environment)
on MetaIP 4.1, Floodgate-1 4.1, VPN-1/FW-1 4.1 SP1, and (I think) NT4 SP4 or
SP5.
Good luck
Michael
-----michael cannella mcse, ccsi mailto:[EMAIL PROTECTED]
-----Internet Security Systems, Secure University
-----http://www.iss.net/
> -----Original Message-----
> From: Michel Toussaint [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 08, 2000 10:58 AM
> To: Fw-1-Mailinglist (E-mail)
> Subject: [FW1] FW1 & Floodgate
>
>
>
> With a FW-1 + Floodgate1.5:
> Can I set the bandwidth per user with authentication to a NT Domain ?
> Let say for example that users of group "mp3 jerks" are
> limited to 14.4
> Kbits/sec.
>
> Currently, when someone doesn't respect the company policies,
> I have to
> limit the bw using his or her IP address. Well, this works
> but it's far from
> being convenient.
>
> Any help appreciated ;-)
>
> ----------------- FROM : ---------------
> Michel Toussaint,MCSE
> System Administrator
> Eonic Systems NV
> Mailto:[EMAIL PROTECTED]
> Vcard http://www.eonic.com/vcards/mto.vcf
> - From Deep Space To Deep Sea -
> Web site: http://www.eonic.com
> -----------------------------------------
>
>
>
> ==============================================================
> ==================
> To unsubscribe from this mailing list, please see the
> instructions at
> http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
