RE:
>A client of my company requires a packet filter that can have it's
>rules updated dynamically, and remotely at that. Let me elaborate on the
>required scenario.
>
[... elaboration deleted...]
This sounds like the "Client Authentication" feature of Firewall-1 version 2.
Here's a quote from their marketing blurb at
http://www.checkpoint.com/intro.html:
QUOTE
CheckPoint FireWall-1 authenticates remote clients for secure communication
between an enterprise's local network and corporate branch offices,
business partners and nomadic user. The FireWall-1 Application
Authentication provides users with an extended log-in process to selected
applications by utilizing a secure one-time password.
CheckPoint FireWall-1 version 2.0 takes this a step further by introducing
an innovative new feature called Client Authentication. CheckPoint
FireWall-1's Client Authentication enables access to any application,
whether it is TCP, UDP or RPC based, without modifying the application
either on the client or server side.
UNQUOTE
They can also encrypt this traffic as it passes between the outsider and
the firewall. (part of the S/WAN initiative....)
Disclaimer: I've read about it, but haven't tested it yet.
Don
pollock @
houston .
omnes .
net Network Systems Engineer +1 713 513 3017
Omnes - A Schlumberger/Cable & Wireless Company
http://www.omnes.net/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The true mark of intelligence is to learn from the experiences of others.
-------------------------------------------------------------------------
|
|
