50 votes
Authentication: Remote Group Membership for Remote Access and Packetfilter
Be able to use eDirectory and Active Directory groups inside the remote access and inside the packetfilter ruleset. This requires the AUA process to add the authenticated ip address of a user to the matching groups he is part of. Customers can use remote authentication and remote group management... more
Status:
completed
HI folks, this has already been added to V7.300. Not sure how it ended up here :). thx Gert
Matthias Nees
i am also hope for future releases that it could be possible to set packetfilter rules on internal segments with remotly Windows AD Users and Groups and not on the IPs of their computers like today.
Please reopen that FR and let the community vote !!!!!
Bob Alfson
Gert, this is NOT completed!
Elmar Haag
I understand it could be a misunderstanding. Yes, you CAN use user objects (instead of fix IP addresses) in packet filter rules , BUT you will neet to authenticate to the ASG in order to use this (you can authentication by any VPN technology, e.g. PPTP, L2PT, SSL, IPsec).
zdenekcizek
Nice would be to have the HTTP proxy AD authentication tied to packet filter as well. As an example - user authenticates to HTTP/S proxy via AD and then his user object is updated with his present IP address and the object then could be used in packet filter. We actually had a request from a user for this functionality in ASG. Users are switching between workstation in company and they need the packet filter rules to update no matter which workstation they are working at at the moment.
Some other secu... more
Nice would be to have the HTTP proxy AD authentication tied to packet filter as well. As an example - user authenticates to HTTP/S proxy via AD and then his user object is updated with his present IP address and the object then could be used in packet filter. We actually had a request from a user for this functionality in ASG. Users are switching between workstation in company and they need the packet filter rules to update no matter which workstation they are working at at the moment.
Some other security solutions support this functionality...
Elmar Haag
aDIR and eDIR users and usergroups can already be used in VPN settings ("allowed users"), in HTTP Proxy settigns and in Packetfilter rules. What is the new feature in this FR ?