We are in the process of planning a direct connection to the Internet. Our Enterprise Network is based on NetWare 4.11 and we use NDS for our directory service. We have narrowed the choices for the bastion host down to Checkpoint FW-1 on Solaris and TIS Gauntlet on BSD. We do not plan on giving all employees Internet access, but there will still be around 300 who will have access.

Our original plan was to use Novell's BorderManager between the bastion host and the EN for caching and controlling access to the outside through the NDS object rights associated with BorderManager. This part of the plan has been cut out due to -$$$. It may be put in place later if the caching is needed. (We are also putting up an Intranet based on IIS. All EN users will have browsers and we plan on controlling what they can access on the Intranet server by using NDS for NT.)

How does one go about controlling access to the bastion host? I don't want these users having IDs on the bastion host. So what other choices are there?

PS: Please, no comments on FW-1 vs. Gauntlet preferences outside of the access question. That's for us to decide - which product will implement our security policy the best.

Thanks,
Kevin

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:17 PDT