amazing what you can find on the net, eh?
from:http://www.crpht.lu/CNS/html/PubServ/Security/Firewall/FW_Mail/960314_Dynamic_fw

From: "T. Jay Humphries" 
Date: Thu, 14 Mar 1996 08:56:21 MDT
Subject: Re: Dynamic firewall

I have a request of this group.  I am looking for a firewall product that will
accommodate dynamic connections.  Let me explain our need.  We have a network
isolated from the rest of our campus network just for student labs which in
some cases may be unattended. This lab network has a T1 to the Internet.  We
authenticate/identify each student as they log into the lab network and
dynamically assign them an IP address when they log in. Because we feel we
may be held responsible for who uses our network to access the Internet we want
to close all Internet access off and dynamically allow authorized access to
only the students we have authenticated.

When a student logs into the lab network we validate them from our student
database, record session times (start and finish), who they are, the MAC
address of the workstation and the IP address assigned to them for that
session.  After the student has been authenticated we would like to take that
information and dynamically configure the firewall to allow Internet access for
that student during that session.  

We have thought about dynamically configuring the router, but really don't
like that idea because of stability issues.  Ideally, we would like to
integrate this process with DCE authentication someday, but for now would be
satisfied with just being able to pass our clear text information to the
firewall to dynamically allow the Internet access. 

Does anyone based on experience know of a commercial firewall product that
will satisfy our requirements?  If you do I would appreciate hearing from you.

Thanks,


Terrance Humphries
Manager of Network Security
and Administration
Brigham Young University
TJay@byu.edu
801-378-7513
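
[Added example, not part of the original thread or of any firewall product: a Python sketch of the session-driven, default-deny gate the message above asks for. The class names, the four-hour session cap and the sample addresses are assumptions made for illustration.]

```python
# Added illustration, not from the thread: default-deny egress decisions keyed
# on authenticated lab sessions. All names and values here are hypothetical.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Session:
    student: str
    ip: str
    mac: str
    start: float
    end: Optional[float] = None  # set at logout or when the session expires

@dataclass
class DynamicGate:
    max_session_secs: float = 4 * 3600          # assumed cap for unattended labs
    active: dict = field(default_factory=dict)  # ip -> Session
    audit: list = field(default_factory=list)   # closed sessions, kept for accountability

    def login(self, student, ip, mac, now):
        # Dynamically assigned addresses get reused: close any stale session on
        # this IP so a new user never inherits the previous student's permit.
        if ip in self.active:
            self.logout(ip, now)
        self.active[ip] = Session(student, ip, mac.lower(), now)

    def logout(self, ip, now):
        s = self.active.pop(ip, None)
        if s:
            s.end = now
            self.audit.append(s)

    def permits(self, ip, mac, now):
        """Return the accountable student, or None (deny) for anything else."""
        s = self.active.get(ip)
        if s is None:
            return None  # default deny: no authenticated session on this IP
        if now - s.start > self.max_session_secs:
            self.logout(ip, s.start + self.max_session_secs)  # abandoned session
            return None
        if s.mac != mac.lower():
            return None  # consistency check only; a MAC is not proof of identity
        return s.student

if __name__ == "__main__":
    gate = DynamicGate()
    gate.login("student-a", "10.0.0.20", "00:A0:24:11:22:33", now=0)  # constructed
    print(gate.permits("10.0.0.20", "00:a0:24:11:22:33", now=60))     # student-a
    print(gate.permits("10.0.0.21", "00:a0:24:11:22:33", now=60))     # None
```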

------------------------------

From: Bill Husler 
Date: Fri, 15 Mar 96 15:55:07 -0800
Subject: Re: Dynamic firewall

>Subject:     Re: Dynamic firewall
>From:        T. Jay Humphries, tjay@tj.byu.edu

..
> we want
>to close all Internet access off and dynamically allow authorized access to
>only the students we have authenticated.
>
>When a student logs into the lab network we validate them from our student
>database, record session times (start and finish), who they are, the MAC
>address of the workstation and the IP address assigned to them for that
>session.  After the student has been authenticated we would like to take that
>information and dynamically configure the firewall to allow Internet access for
>that student during that session.
..
I think most Proxy type Firewalls provide for User based access controls 
- before being allowed use of the proxies, the student would be required 
to authenticate at the firewall. Only students with IDs on the firewall 
would be allowed use.
Bill

------------------------------

From: Avraham Hayam 
Date: Mon, 18 Mar 1996 23:35:08 +0300 (EET DST)
Subject: Re: Dynamic firewall

Greetings, 
Any other suggestions for Dynamic firewall?

Avraham Hayam - hayam@actcom.co.il


On Fri, 15 Mar 1996, Bill Husler wrote:

> >Subject:     Re: Dynamic firewall
> >From:        T. Jay Humphries, tjay@tj.byu.edu
> 
> ..
> > we want
> >to close all Internet access off and dynamically allow authorized access to
> >only the students we have authenticated.
> >
> >When a student logs into the lab network we validate them from our student
> >database, record session times (start and finish), who they are, the MAC
> >address of the workstation and the IP address assigned to them for that
> >session.  After the student has been authenticated we would like to take that
> >information and dynamically configure the firewall to allow Internet access for
> >that student during that session.
> ..
> I think most Proxy type Firewalls provide for User based access controls 
> - before being allowed use of the proxies, the student would be required 
> to authenticate at the firewall. Only students with IDs on the firewall 
> would be allowed use.
> Bill

------------------------------