Firewall that is controlled by AD login

Is there a way to control the Active Directory login so that it talks to the firewall and you can control what ports can be accessed by that user? Happy to change my firewall.
Daniel Forrester (Director) asked:
Pete Long (Technical Consultant) commented:
What are you trying to block? If it's just to web filter your clients, then any Cisco ASA Next Gen with FirePOWER services will do that.

As for ports, the rule is: if they don't need to be open, don't have them open.


Daniel Forrester (Director, Author) commented:
I want to be able to have logins that block all ports in and out; I'd like them to be Active Directory specific. What firewall/router can do this?
Will Szymkowski (Senior Solution Architect) commented:
There are a ton of ports that are required for Active Directory to work. So if you are blocking all ports, I am not exactly sure what you are trying to accomplish here.

Based on what I think you are saying, you want to be able to leverage your firewall to block specific ports based on the user's Active Directory login.

Is this correct?

Most firewalls will have LDAP integration or Active Directory specific integration (either will work). However, you will still need to put rules in place for AD groups or users specifying what they have access to.



...firewalls in connection with users...

What we can do (for example with the Windows Firewall) is limit outgoing traffic based on user names. So you can create a rule "let user A only create outgoing traffic on port x".

What we can also do is create an incoming rule like "only allow incoming traffic on port x if it is coming from (remote) domain user B".

But what we cannot do is go like "if user C is logged on close all incoming ports".

You see, you need to specify what exactly you are trying to do.
Daniel Forrester (Director, Author) commented:
I'm trying to block users from making any connection to outside the network, for example on port 80, port 443 or port 25, common ports that are used to transfer data out of the network. I'd like to control it through their login names.
You can use the Windows advanced firewall for that goal. Try it: set up a policy and afterwards open its properties to set the user-bound activation.
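The user-bound Windows Firewall rules described in the replies above, as an added PowerShell example that is not part of the original thread. It assumes a fictional domain CONTOSO, a user CONTOSO\alice who is allowed to use ports 80/443/25, and domain controllers on 10.0.0.0/24; run it in an elevated PowerShell on the client, or deploy the same rules through Group Policy. Rather than a "block this user" rule, it uses a default-deny outbound profile plus an allow rule scoped to named users, which is the form the earlier reply ("let user A only create outgoing traffic on port x") describes. The `-LocalUser` parameter takes an SDDL string whose ACEs name the SIDs the rule applies to.

```powershell
# Added example, not code from the thread. Domain, user and DC subnet are assumed.
# Requires an elevated session; cmdlets are from the NetSecurity module (Windows 8 / 2012 and later).

function Get-LocalUserSddl {
    # Build the SDDL that -LocalUser expects: one allow ACE per account SID.
    param([Parameter(Mandatory)][string[]]$Accounts)
    $aces = foreach ($account in $Accounts) {
        $sid = ([System.Security.Principal.NTAccount]$account).Translate(
                   [System.Security.Principal.SecurityIdentifier]).Value
        "(A;;CC;;;$sid)"
    }
    return 'O:LSD:' + ($aces -join '')
}

$dcSubnet     = '10.0.0.0/24'          # assumed: where the domain controllers live
$allowedUsers = @('CONTOSO\alice')     # assumed: users who may reach web/mail off the LAN

# 1. Default-deny outbound on the domain profile. Inbound is already block-by-default.
Set-NetFirewallProfile -Profile Domain -DefaultOutboundAction Block

# 2. Every principal, including SYSTEM and service accounts, still needs the DCs,
#    otherwise Kerberos, LDAP, DNS, SYSVOL and Group Policy processing break.
New-NetFirewallRule -DisplayName 'Allow-Out-DomainControllers' `
    -Direction Outbound -Action Allow -Profile Domain `
    -RemoteAddress $dcSubnet

# 3. Only the named users may open web and SMTP connections. Any other user on
#    the same machine falls through to the profile's default block.
$sddl = Get-LocalUserSddl -Accounts $allowedUsers
New-NetFirewallRule -DisplayName 'Allow-Out-Web-Mail-NamedUsers' `
    -Direction Outbound -Action Allow -Profile Domain `
    -Protocol TCP -RemotePort '80','443','25' `
    -LocalUser $sddl

# 4. Verify the principal binding actually landed on the rule.
Get-NetFirewallRule -DisplayName 'Allow-Out-Web-Mail-NamedUsers' |
    Get-NetFirewallSecurityFilter |
    Select-Object -Property LocalUser
```

Two caveats a practitioner should keep in mind. The user match is evaluated against the token of the process that opens the connection, not against who is sitting at the console, so a service running as SYSTEM (Windows Update, antivirus updaters) is neither covered nor blocked by a user-scoped rule and needs its own allow rules; that is also why "if user C is logged on, close all ports" cannot be expressed this way. And this is a host firewall policy on each client, not the perimeter device: if the requirement is enforcement at the edge, the firewall itself needs AD/LDAP integration and rules keyed on groups or users, as the other replies note.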
Blue Street Tech (Last Knight) commented:
I still don't understand the reasoning behind this. Do you want to restrict users from surfing the web and sending email?

If you are seeking a closed circuit environment you can achieve this with a logical segmented design (a dynamic network as opposed to a flat one). Create a VLAN/Zone for your users and explicitly block all VLAN > WAN ports. Then, to authenticate and use other network resources, add Access Rules between the appropriate VLANs/Zones. For example, here is a list of AD ports required to be opened: