Shawn_Diehl_899
Jun 13, 2006

IP and User based authentication

Hello,

I currently use an ISA firewall in the way specified below and am looking to see if our F5 3400 can handle the situation or if I need to get other products involved.

What we do:

We host a web application that must stay very secure. So, we authorize the users in one of two ways before allowing them access to the web application logon screen.

How we do it:

Our ISA first checks to see if the request is originating from an authorized IP address (contained in a list). If it is, the ISA lets the request through. If not, the ISA will prompt the user for credentials. If the user presents valid credentials the ISA lets the request through; if not, the user is denied and gets a page explaining what happened.

The problem:

First off, we don't fully trust the ISA and would love to put a CheckPoint in place as the perimeter firewall. Second, since the ISA is a proxy, all requests come from the ISA server's IP and we are unable to do some of the logging we would like to.

Can this be handled by the BIG IP 3400?

request -->
  valid IP >> allow request
  >> prompt for credentials -->
    valid credentials >> allow request
    >> access denied

Thanks in advance for anything!


2 Replies

  • This doesn't look like an iControl question. If you have product related questions, you'll have to go through F5 Product Technical Support. We'd be glad to help you build iControl applications or iRules, but that doesn't seem to be what you are after.

    -Joe
  • Deb_Allen_18
    Historic F5 Account
    I recently had a similar question from another customer using LDAP for authentication, and for them it seems the solution might be to license the PAM authentication module to allow LTM to perform LDAP authentication and then write an iRule that selectively bypasses the authentication piece for known authorized source IP addresses.

    I realize that doesn't solve your problem, but might get you going in the right direction at least...

    HTH

    /deb
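As an added illustration (not code from either poster or from F5), here is what the two-tier flow from the original question looks like as the kind of iRule Deb describes, using the LTM 9.x PAM/LDAP authentication commands. It assumes an address data group named `authorized_ips` holding the trusted source addresses and a PAM authentication profile named `default_ldap` pointing at the LDAP server; both names are placeholders. Because LTM is a full proxy that still sees the real client address, the rule also inserts it into `X-Forwarded-For` so the web server can log it, which addresses the second problem raised in the question.

```tcl
# Added example iRule (not from the thread). Assumed names:
#   authorized_ips - address data group (class) of trusted source IPs/subnets
#   default_ldap   - PAM authentication profile for the LDAP server
when HTTP_REQUEST {
    # LTM is a full proxy, so the backend would otherwise see only the
    # BIG-IP's address; pass the real client IP along for server-side logging.
    HTTP::header insert X-Forwarded-For [IP::client_addr]

    # Tier 1: a trusted source IP bypasses the credential prompt entirely.
    if { [matchclass [IP::client_addr] equals $::authorized_ips] } {
        log local0. "allow by IP: [IP::client_addr] [HTTP::uri]"
        return
    }

    # Tier 2: no credentials supplied yet, so challenge the browser (HTTP Basic).
    if { [HTTP::username] eq "" } {
        HTTP::respond 401 "WWW-Authenticate" "Basic realm=\"Restricted\""
        return
    }

    # Credentials present: hand them to the PAM/LDAP module and hold the
    # request until AUTH_RESULT fires with the verdict.
    set tmm_auth_sid [AUTH::start pam default_ldap]
    AUTH::username_credential $tmm_auth_sid [HTTP::username]
    AUTH::password_credential $tmm_auth_sid [HTTP::password]
    AUTH::authenticate $tmm_auth_sid
    HTTP::collect
}

when AUTH_RESULT {
    if { [AUTH::status] == 0 } {
        # Valid credentials: release the held request to the pool.
        log local0. "allow by credentials: [IP::client_addr] user=[HTTP::username]"
        HTTP::release
    } else {
        # Invalid credentials: deny with an explanatory page, matching the
        # behaviour described for the ISA, rather than a bare 401 retry loop.
        log local0. "deny: [IP::client_addr] user=[HTTP::username]"
        HTTP::respond 403 content "<html><body>Access denied: your address is not on the authorized list and the credentials supplied were not accepted.</body></html>" "Content-Type" "text/html"
    }
}
```

The `matchclass ... $::authorized_ips` test is the v9-era syntax; on later TMOS releases the same check is written with the `class match` command.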