HELP: Authentication 'ticket' per user ???

[JoeShmoe]

Im a SOLA on a project where we have little networking experience

Background: We have 2 VLANS, On one side we have a number of applications that sit in a data centre behind the firewall. The Firewall currently in place are a redundant pair of Nokia IP 1260s running Checkpoint Firewall-1 NG FP2. Authentication through the firewall will be user based (LDAP authentication)via SMART Directory to integrate the Firewall user database and AD

Ideally we want to know if its feasible technically to force all users on the external VLAN to authehticate with the Firewall at startup and allow them to use all these applications through the firewall for the rest of the session ?

We'd like to set up Checkpoint so that users on the second VLAN are asked to authenticate with the Firewall at start-up (via some sort of script). Once authenticated we'd like to know if its possible for Checkpoint to log the IP address of the user who has authenticated and effectively issue that IP address a 'ticket' to allow all protocols through the firewall from that IP address for a set period (i.e. 8 hours). Is this possible? This would save users having to re-authenticate for each application behind the firewall they wanted to access

[chillyjim]

Yes you can use client/user/session auth to do this.

I don't remember all the details but it is documented. I think the one you will want is client auth.

[abusharif]

client authentication or user for that matter can be suitable. You can also create a resource that redirects all http,https traffic to the firewall and port 900 which "forces" users to login page as soon as they try to visit a webpage.