From: Ellen K. 

The guy in charge of the firewall supposedly said that if everybody had a
static IP address he could set up rules that way.   ???

On Sun, 27 Mar 2005 21:49:39 -0500, "Geo" 
wrote in message :

>The answer is that it depends on the proxy server, there are some expensive
>ones that will allow restrictions based on userID or group so you have to
>authenticate with them before they let you out, in that case you would not
>need static IP addresses.
>
>I would imagine there are others that can limit based on static IP but I've
>never used one of those.
>
>The strategy of limiting some while not limiting others isn't really a
>security policy, it's more of a company policy so I don't normally have to
>deal much with that sort of thing.
>
>Geo.
>
>"Ellen K." 
wrote in message
>news:frie411ubovd2ghdv5f67hdqd2rdcd22vq{at}4ax.com...
>> Not my area of responsibility but I always like to help if I can:
>> We want to restrict the rank-and-file users to a few allowed sites like
>> FedEx and UPS.  In our morning briefing the other day it was stated that
>> everyone would have to have fixed IP addresses to do this (that part I
>> understand, since the restrictions are not to apply to everyone) and we
>> would have to have a proxy server.
>>
>> I actually don't know what a proxy server even is, but the IT director
>> said it's complicated.   So first of all, is it true that we would need
>> a proxy server?   And secondly, if so, is it complicated?
>>
>> Alternatively, is there any other way to do it?  We want to leave people
>> like directors and IT with full internet access.   Most boxes have no
>> external IP address and a dynamic internal one.  The only ones with
>> fixed internal ones are people who pcAW in to their desktop, which for
>> all I know might only be me because when they set up an additional
>> desktop for me recently they left the internal address dynamic and I
>> couldn't get to it.
>

--- BBBS/NT v4.01 Flag-5