User guide
User Guide 127
CHAPTER 10 Creating Aliases and
Implementing Authentication
Aliases are shortcuts used to identify groups of hosts, networks, or users.
The use of aliases simplifies service configuration.
User authentication allows the tracking of connections based on name
rather than IP address. With authentication, it does not matter which IP
address is used or from which machine a person chooses to work. To gain
access to Internet services (such as outgoing HTTP or outgoing FTP), the
user provides authenticating data in the form of a username and
password. For the duration of the authentication, the session name is tied
to connections originating from the IP address from which the individual
authenticated. This makes it possible to track not only the machines from
which connections are originating, but the user as well.
N
OTE
Because usernames are bound to IP addresses, user authentication is not
recommended for use in an environment with shared multiuser machines
(such as Unix, Citrix, or NT terminal servers), because only one user per
shared server can be authenticated at any one time.
The Firebox allows you to define permissions and groups using user
names rather than IP addresses. This system allows for situations where
users may use more than one computer or IP address. Tracking activities
by user rather than IP is especially useful on networks using DHCP where