Authentication is very important when you use dynamic IP addressing (DHCP) for computers on the trusted or optional network. It is also important if you must identify your users before you let them connect to resources on the external network. Because the Firebox® associates a user name to an IP address, we do not recommend that you use authentication features in a network with multi-user computers such as Unix servers, terminal servers or Citrix servers. The Firebox authenticates one user per computer.
With WatchGuard® System Manager, you
can configure authentication on a per policy basis. For example, you can force
some users to authenticate before they connect to an FTP server although they
can browse the Internet without authentication.
To get access to services such as HTTP or FTP the user types a domain along with their login name and password. For the duration of authentication, the user name is associated with connections coming from the IP address from which the user authenticated. This makes it possible to monitor not only the computers from which connections originate, but also the users who start the connection. While the user is authenticated, all the connections that the user starts from the IP address include the session name.
Return to Top
Copyright © 1996 - 2005 WatchGuard Technologies, Inc. All rights reserved.