Hi, I have been looking at using the UAC IC controllers to do user authentication for resources protected by a ScreenOS firewall policy. My understanding is that the source IP is used as part of the auth table mapping that is created and pushed to the ScreenOS firewall by the IC controller. My question is, if I have multiple users behind a NAT device that all initiate connections from the same source IP from the perspective of the ScreenOS, are we able to identify these users individually? Is the auth table entry that is created for the first user that gets authorised by the resource policies on the IC controller, able to be used by subsequent unauthenticated/unauthorised users behind the same IP? Or can we somehow uniquely identify users, even though they will all come from the same source IP? Thanks for your responses.
... View more