"authentication proxy" from PIX inside interface?????

kirkster — Fri, 21 Feb 2020 18:12:11 GMT

Hi,

I have a customer with a Watchguard firewall. They have an interesting feature in that they can http (or https) to the inside interface address on port 4100. This throws a username/password applet back to the user. When authenticated (done locally on the watchguard) they can browse the web. This allows users to browse from any PC (so we don't have to worry about inside IP addresses) and bypass the websweeper http proxy. This is a very useful facility for authenticated users given access to this service - i.e. bosses !!!

Can I do anything similar to this on PIX515E? I was thinking of the virtual telnet/http service. Would it be possible to authenicate locally on the PIX? Could I also authenticate on a Windows Active directory instead of a Radius server? This is advanced stuff for me at the moment sicen I am a newbie to PIX so forgive me if this question is a bit previous.

Thanks for any suggestions or URL's

Regards, Steve

Re: "authentication proxy" from PIX inside interface?????

nkhawaja — Thu, 03 Feb 2005 18:32:53 GMT

you are thinking in the right direction. you can use virtual telnet/http (auth proxy), but you have to use some radius server . you cant directly connect to active directory. you can configure the radius server to talk to active directory.

topic Re: "authentication proxy" from PIX inside interface????? in Network Access Control

"authentication proxy" from PIX inside interface?????

Re: "authentication proxy" from PIX inside interface?????