Identity based firewall: outside of network users

Networking/Security Forums -> Firewalls // Intrusion Detection - External Security

Author: HGilbert    Location: Chestnut Ridge, NY    Posted: Wed Nov 28, 2012 12:31 am    Post subject: Identity based firewall: outside of network users
    ----
Our school wants to set up an identity based firewall to provide differentiated internet access for faculty and various groups of students, all of whom sometimes use the same set of school computers.

Many faculty also use their personal laptops, and sign on to these using a local user account, rather than as a network user. Up to now any computer connecting to the wireless or ethernet has been able to get internet access. (Students do not normally use personal laptops, just the school machines.)

Our network admin says that if we go to an identity based firewall, the non-network user IDs will be blocked from internet access. I hope there is some workaround for this. Any help will be greatly appreciated.

Author: Intnull0    Posted: Fri Dec 28, 2012 6:18 pm    Post subject: It is possible
    ----
But there are different methods of accomplishing this, depending on what firewall solution you install. Using Cisco ASA firewalls and Cisco wireless LAN controllers we created a solution that allows internal users access to network resources based on group membership and ACLs. With the wireless LAN controllers we use the valet service to provide wireless guest access much like hotels do. Using VLANs we can keep the internal traffic (AD authenticated) separate from the guest traffic (wireless LAN controller authenticated) and allow them access to the Internet.
(Edit: it sounds like I am pushing Cisco but I'm really not...it's just what we have.)





All times are GMT + 2 Hours
