This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Rules: AD Users as Source?

Is it possible to have Firewall rules applied to specific Active Directory users?

Usage Scenario: I want 2 developers to have access to the a file on a DMZ server, I would like to open ports

-udp 137
-udp 138
-tcp 139
-tcp 445

for user jbloggs (on internal network), who will be logged on via Active Directorym dynamic DHCP, so that I can map a folder from the DMZ server via \dmzserver\e\web\dev

I am aware I can set their machines to static IP, and base the rule on IP, but that is not preferable, as anyone who sets their IP same as devs would then by default be granted these open ports.

Thanks,
Richard

This thread was automatically locked due to age.

0 RStokes over 11 years ago

Bumpy-d-bump
Cancel
Vote Up 0 Vote Down

Cancel
0 M.Rottler over 11 years ago

If you disable the function that users can set their IPs on their own (Why should they be able to do this?) You don't need that function...!
Cancel
Vote Up 0 Vote Down

Cancel
0 brassardv over 11 years ago

I am using DNS host name or DNS Group name (when 2 ip, Wifi and Ethernet)in the rules so i dont have to use static IP.
The AD DNS is secure so a connected rogue computer cant spoof the Machine DNS names.

Or you can install the "Client Authentication Program" on this machines and then use Users from firewall on your firewall rules.
Cancel
Vote Up 0 Vote Down

Cancel
0 GuyFawkes over 11 years ago

Hi RStokes,
sorry, at the moment, this is only with VPN access possible.

But your request in the Network Protection (firewall) is one of next big step on the Sophos UTM/SG.
In version 10, this will be possible (hopefully) -- Next Generation Management

Here is a timeline:

Nice greetings
Cancel
Vote Up 0 Vote Down

Cancel