Date: 12/24/97 8:17:23 AM
From: Keith Bastin
Subject: Re: Firewall-1, Radius & Netware NDS
To: (""@LOCAL)

At 07:26 AM 12/23/97 -0500, you wrote:
>Hi all,
>
>We're in the process of installing a Checkpoint Firewall-1 firewall to protect
>our new academic intranet. This intranet will offer medical curriculum to our
>student population, and will be accessed both from our internal network, and
>via the Internet.
>
>What we want to do, is use our Netware NDS to authenticate our users, using
>their Netware signon. This will avoid having to maintain thousands of separate
>user ids for the firewall. We need to identify three groups of access, faculty,
>staff, and students. Each group of people can get access to different areas of
>the intranet. Our Netware NDS knows what category each of these people are in.
>What we want to do, is have Firewall-1 (utilizing Radius) determine which group
>(faculty, staff, student) a particular person belongs in. Then we can
>allow/disallow access via the Firewall-1 rules to different URLs. Oh, by the
>way, we are currently using the Radius server NLM from Novell.
>
>Does anyone have any suggestions? Has anyone done anything like this?
>Does anyone know of any products that interface with Firewall-1 to allow
>authentication data & classifications of people to pass back and forth between
>a Radius server, and Firewall-1? Is anyone aware of a Radius server that
>interfaces with NDS other than Novell's?
>
>Thanks,
>Jeff Zarend
>Medical College of Ohio
>jzarend@mco.edu
>(419) 383-4505

Did you look at Ukiah? (www.ukiahsoft.com) Their Netware version is a major improvement over Netware's crude packet filter. (Which I wouldn't call a firewall.) The Border Manager proxy server IS a very fast proxy cache server and as a standalone product is excellent, but Novell does not yet have a usable filter configuration tool and the only services that are protected at all (beyond a basic packet filter) are www and gopher (does anyone still USE gopher?)
Anyway it works with NDS much better than Novell's and it has the distinction of actually being a firewall... not to mention having a lower price tag...