In my company we have several networks that are segregated from the overall corporate LAN (2 in the US, 2 outside of the US). These are physically separate networks on separate subnets, but all of the computers on the 4 networks are on the same global domain. The networks use the corporate LAN to pass data between them.
Each network has a single physical line in and out, and each network has a firewall at the "front door". This firewall is there to prompt for authentication from users trying to come in over our corporate VPN connection. They have to provide domain credentials for our global domain. Inside each of our networks there is also an authentication server that authenticates the domain credentials they provide.
Currently, if a user wants to access site A from VPN, they have to authenticate to site A's firewall. If they then want to access site B, they have to again authenticate to site B, and so on.
My question is, is it possible to set it up so that a user can authenticate on the firewall at site A and then be automatically allowed access to the other sites as well? Somehow the firewall would need to communicate to the other firewalls that this IP address is OK? Or does the authentication server need to be set up to contact all the firewalls?
Just wondering if this is possible or if the users just need to authenticate to each site.