Guys/Gals,
how does firewall 1 handle internal or dmz proxies. If for instance I invoke
the
dark satanic power of microsoft and implment a microsoft proxy server, how
do
I implement pass through security for such a box???
CLIENT--->HTTP PROXY---->FW-1---->Internet
so, my user's authenticate with the HTTP proxy, but how do I then pass this
through
to firewall 1, won't firewall one see the proxy as a single IP/USER?
or do I place the proxy on the DMZ network, and just let firewall-1 'route'
packets
to it??? but then I have to manage NT user authentication from the dmz to
the
internal lan??? yukky stuff? and I really want to use the http application
level
proxy of fw-1 rather than rely on nat/routing rules.
it's all very crazy and unclear,
I'd like to hear from anyone using this type of configuration.
I guess that the proxy can support 'clear text' http authentication, and
pass this through, but what about NT authentication methods, like chap?? or
even ssl? help!
Cheers,
Lee
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
