Can I do this with a firewall? nat with Password!

Can I do this with a firewall? nat with Password!

am 17.09.2006 23:04:37 von Adrian

Hi

We have a URL and access to it is controlled by source IP
address, as many of our users increasingly have dynamic IP address we are
looking for a quick solution without changing the current system which is
hosted off site.



The solution I'm thinking of is to register a new URL point it's "A" record
at firewall, set the firewall rules to check the user by prompting for
username / password, then set the it to forward everything back out to the
net by using Nat and on to the
original URL where a connection will be allowed as we will add the new
firewall's public
IP address to the access list.


It is essential that the traffic flow is kept via the firewall and the we
present the firewalls source IP address to the end system not the users.


So setting aside any concerns about how secure either system will be, would
this approach work? and examples?

Re: Can I do this with a firewall? nat with Password!

am 18.09.2006 00:40:09 von roberson

In article ,
Adrian wrote:

> We have a URL and access to it is controlled by source IP
>address, as many of our users increasingly have dynamic IP address we are
>looking for a quick solution without changing the current system which is
>hosted off site.

Your existing system very likely already has a username / password
mechanism available. Any reputable hosting company would support it.

You should decide, though, on what level of security is appropriate
for the username and password combinations. Unless the name and
password is just intended to be a small deterent, then you probably
don't want them going out "in the clear". Standard firewall
authentication for http URLs uses plaintext, so you'd probably be
wanting to switch to https. You may wish to consider leaving your
home page as http but have a link or a redirection to https .

Re: Can I do this with a firewall? nat with Password!

am 21.09.2006 00:23:41 von Adrian

Thanks, and yes the current system is username and password protected, the
username and Password from the firewall was only intended as an outer
defence.

I'm more concerned with mapping the source IP address and forwarding it is
this easily done in a firewall or should I put a NAT router behind it?

Thanks


"Walter Roberson" wrote in message
news:d9kPg.547331$Mn5.35677@pd7tw3no...
> In article ,
> Adrian wrote:
>
>> We have a URL and access to it is controlled by source IP
>>address, as many of our users increasingly have dynamic IP address we are
>>looking for a quick solution without changing the current system which is
>>hosted off site.
>
> Your existing system very likely already has a username / password
> mechanism available. Any reputable hosting company would support it.
>
> You should decide, though, on what level of security is appropriate
> for the username and password combinations. Unless the name and
> password is just intended to be a small deterent, then you probably
> don't want them going out "in the clear". Standard firewall
> authentication for http URLs uses plaintext, so you'd probably be
> wanting to switch to https. You may wish to consider leaving your
> home page as http but have a link or a redirection to https .