Uncommon Firewall Requirement

iraban
Level 1

I have a customer who wants a stateful packet inspection firewall that will be responsible for controlling outbound traffic for internal users. They have a separate firewall that will deal with blocking inbound traffic. They want the ability to make allow/deny decisions based on user name and/or group membership. The allow/deny decisions will be strictly port/protocol based, and they want the ability to specifically allow or deny all TCP and UDP ports and ICMP traffic on a user-by-user basis. The firewall needs to integrate with eDirectory (first choice) and/or Active Directory, and they want, in effect, single sign-on functionality so that users log in to the domain and the firewall then uses those domain credentials. They have looked at single sign-on options but don't want to install additional desktop clients.

Please advise.

Thanks for your time

2 Replies

jowalton
Level 1

Sounds like your customer is working hard, and not smart. :o)

The simple solution would be to add an Access Control Server and point the firewall to it. Set up the groups and assign the users accordingly. If you need to permit/deny based on time, you could configure "Time-Based" ACLs.

note: you can also configure the ACS to talk to AD.

hi

think auth-proxy!!!

HTH
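Putting the two replies together (an ACS behind the firewall, IOS auth-proxy for browser-based login without a desktop client, and a time-based ACL), here is an added illustrative Cisco IOS configuration that is not from the original thread. All addresses, names, the shared secret and the ACS attribute values are constructed, and exact keyword syntax varies by IOS release.

```cisco
! Router side: AAA pointed at the ACS over RADIUS, auth-proxy on the inside interface.
! 192.0.2.10 (ACS), 10.0.0.1 (inside interface) and EXAMPLE-SECRET are placeholders.
aaa new-model
aaa authentication login default group radius
aaa authorization auth-proxy default group radius
radius-server host 192.0.2.10 auth-port 1645 acct-port 1646 key EXAMPLE-SECRET
ip http server
ip http authentication aaa
!
! Login window: the HTTP intercept (and therefore authentication) is only
! reachable on weekdays during business hours.
time-range BUSINESS-HOURS
 periodic weekdays 8:00 to 18:00
!
! Until a user authenticates, only the auth-proxy intercept on the router's
! own address is permitted inbound from the user segment; everything else is denied.
! Per-user entries downloaded from the ACS are inserted above the deny.
ip access-list extended INSIDE-IN
 permit tcp any host 10.0.0.1 eq www time-range BUSINESS-HOURS
 deny   ip any any
!
! Cached authentication expires after 60 idle minutes (auth-cache-time on
! older releases, inactivity-time on newer ones).
ip auth-proxy name OUTBOUND-AUTH http auth-cache-time 60
!
interface FastEthernet0/0
 description inside (user) segment
 ip address 10.0.0.1 255.255.255.0
 ip auth-proxy OUTBOUND-AUTH
 ip access-group INSIDE-IN in
!
! ACS side (configured per user or per group, which the ACS can map to AD
! groups). Returned as cisco-av-pair attributes after a successful login and
! applied to that user's source address. Source must be "any"; the router
! substitutes the authenticated host. Constructed example for a normal user:
!   priv-lvl=15
!   proxyacl#1=permit tcp any any eq 443
!   proxyacl#2=permit udp any any eq 53
!   proxyacl#3=permit icmp any any
!   proxyacl#4=deny ip any any
```

Verify with `show ip auth-proxy cache` (who is authenticated) and `show ip access-lists INSIDE-IN` (which per-user entries were actually inserted); the poster's eDirectory requirement is not covered, since this ACS setup only talks to AD.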