PIX 525 / Websense Question.... Can't figure this one out...
Ok, so I'm trying to go live with my new Pix 525/websense combo and I have this last little beast to work out.
With the latest version of PIX (6.3) you "can" direct ftp traffic at the Websense server. Unfortunately that will only take care of authorization and not authentication. It just lets them go if the ftp "protocol" is allowed for the group they're in. Not acceptable!
I need to be able to put people into an NT group that have permission to ftp outbound and have them authenticate through the firewall in order to do it.
The direction I've been attempting is pointing my radius box to the NT group and the PIX to the radius server. I get prompted for authentication now, but it's for the site I'm ftp'ing to, not the firewall/Radius. All I have to do is check the logon as anonymous box and out I go. Before I put the lines in the pix it just let me go straight through, which is also unacceptable. I must have something done wrong or am going the wrong way with this.
Re: PIX 525 / Websense Question.... Can't figure this one out...
Treat the issues of authorization and URL filtering (using websense) separately. Websense handles 'where'. The AAA server deals with 'who' and 'what'. The PIX Firewall performs a username lookup, and then the Websense server handles URL filtering.
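The split described in the reply above, sketched as a PIX 6.3 configuration fragment; this is an added example, not configuration posted by anyone in the thread. The addresses, the `AUTHOUT` server group tag and the key placeholder are constructed, and it assumes the RADIUS server itself only accepts members of the NT group allowed to FTP outbound.

```cisco
: Constructed values: 10.1.1.20 = RADIUS server, 10.1.1.10 = Websense server,
: AUTHOUT = hypothetical AAA server group tag, <shared-secret> = placeholder key.

: "Who": the PIX challenges inside users for credentials before it opens
: the outbound FTP connection, and checks them against RADIUS.
aaa-server AUTHOUT protocol radius
aaa-server AUTHOUT (inside) host 10.1.1.20 <shared-secret> timeout 10
aaa authentication include ftp inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AUTHOUT

: "Where": FTP requests on port 21 are passed to Websense for a filtering
: decision. Without the "allow" keyword, FTP is blocked if Websense is down.
url-server (inside) vendor websense host 10.1.1.10 timeout 5 protocol TCP version 4
filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
```

`show aaa-server`, `show uauth` and `show url-server stats` show, respectively, whether the PIX is reaching the RADIUS server, which users it has authenticated, and whether it is reaching the Websense server.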