I am currently looking at potential replacement options for an existing NAC
solution that is EOL, and PacketFence seems like a viable replacement candidate.
However, I was hoping to clarify by just listing what I am trying to accomplish
and get some validation that I did in fact read and understand everything
correctly and this will work (before I spend the time to set it all up).

I have a large network separated both by VLSM subnets and via VLAN
tagging.

I want to place PacketFence as an additional layer between what we will call
Network 'A' and Network 'B'. (We can assume these networks both reside on
different subnets, as well as separate VLANs.)

Before allowing traffic (which I want to be able to define by user), I want a
user to authenticate. This authentication will be integrated with LDAP (Active
Directory), as well as, if possible, MFA (I use Duo Mobile), and if successful,
the defined traffic from the authenticated workstation/user will be allowed
through to the hosts/ports/vlan(?) that user has been configured as permitted
to access.

What I really like is that it appears (unlike my existing solution) that I may be
able to manage this not only by subnet but potentially by VLAN as well, which is
far more secure if I am in fact reading this correctly.

If at a high level this is all possible (and based on what I have read so far
it certainly seems like it is), I am going to begin a test build, but obviously
something of this scope is not just a server build but includes network
hardware as well. (If there are options out there for setting up a sandboxed or
virtual test network, I would love to hear about them, as I am not aware of
anything, and things like AWS do not appear to give me the level of control I
would need to set this up with VLAN tagging.)

Thanks!
Mike