Unless you're afraid of your own users hacking this FTP server in the DMZ,
shouldn't you implement this security setup on the FTP server rather than the
firewall?  I assume you are performing some sort of authentication on the FTP
server.  I suppose if you are using "anonymous," this isn't an option, but keep
in mind that the firewall is usually, but NOT always, the best place to
implement security.

Just my 2 cents

Dan Hitchcock
Network Engineer





"Ivan Fox" <[EMAIL PROTECTED]> on 06/30/2000 06:29:13 AM

To:   "Firewall-1" <[EMAIL PROTECTED]>
cc:    (bcc: Dan Hitchcock/CSB)

Subject:  [FW1] groups





Let's say I have 1000 internal users, and only 500 of them need to pass through
a firewall to access an FTP server in the DMZ.  These 1000 users are using one
big subnet, meaning that I cannot limit the access by "network".  I don't
want to create 500 user accounts on the firewall, to avoid
administration/performance overhead.

Is there an easy way to handle this scenario?

Any pointers are much appreciated.

Regards,

Ivan



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================





