Best software firewall - corporate use

Reply Subscribe

Thread Tools

Search this Thread

09 October 2003, 11:45 AM

workshy_fopp

Scooby Regular

Thread Starter

Join Date: Jan 2003

Posts: 757

Likes: 0

Received 0 Likes on 0 Posts

Got 1,000 laptops, and we need a software firewall to protect them before/after they connect to the VPN.
Trialing Zonealarm Pro at the moment, but its really poor, won't save settings properly or act on those settings consistently, keeps prompting the user even though it's been configured not to.
What other software has anyone tried? What we want is zero user intervention or alerts.

Reply Like

09 October 2003, 12:14 PM

JR55

Scooby Regular

Join Date: Jul 2003

Posts: 152

Likes: 0

Received 0 Likes on 0 Posts

Checkpoint have a product that may be of interest, if you want I could sort out a trial for you. Drop me a line if you are interested.

Jon

Reply Like

09 October 2003, 03:56 PM

BlueBlood

Scooby Regular

Join Date: Jan 2003

Posts: 64

Likes: 0

Received 0 Likes on 0 Posts

Which VPN equip is it? It may be wise to integrate the two.

Reply Like

09 October 2003, 05:38 PM

stiler83

Scooby Regular

Join Date: Dec 2002

Posts: 448

Likes: 0

Received 0 Likes on 0 Posts

Checkpoint Firewall 1 . CPFW1 can be a bitch to config and Admin if you are new. Have a look at.. http://www.phoneboy.com/fom-serve/cache/1.html

or a somthing like... http://www.nsa.gov/selinux/index.html

there is also www.Astaro.com

Reply Like

09 October 2003, 05:56 PM

workshy_fopp

Scooby Regular

Thread Starter

Join Date: Jan 2003

Posts: 757

Likes: 0

Received 0 Likes on 0 Posts

Using Cisco VPN and cisco client. Basically we need to protect them before and after they join the vpn tunnel, but the Zonelabs s/w is mickey mouse.

Reply Like

09 October 2003, 07:27 PM

stiler83

Scooby Regular

Join Date: Dec 2002

Posts: 448

Likes: 0

Received 0 Likes on 0 Posts

You should be ok with a Cisco pix firewall making sure you have the latest ios.

Reply Like

10 October 2003, 09:06 AM

BlueBlood

Scooby Regular

Join Date: Jan 2003

Posts: 64

Likes: 0

Received 0 Likes on 0 Posts

The Cisco software firewall that is included with the client I feel is very good. Have a look at the .pcf file for it, u may be able to force he stateful inspection to always be on at startup & stop users from switching it off. Also if the clients are connecting to a Concentrator, you can configure very specific rules on the concentrators that are downloaded to the clients when the VPNs are established.

I would agree with the comments above, the Check Point is too much of a pain to manage & it costs a lot. The only thing I would add to the Cisco Concentrator solution is strong authentication - certs or secureID.

..r

Reply Like

Trending Topics

Help !! Immobiliser Pin - stop working

2

168
SH04 LLV OR S940 ASF?

5

1k
NEWAGE PARTS CLEAROUT

168

32.3k
Levorg aerial

5

905
MDX321T how much power did yours make?

81

12.1k

10 October 2003, 11:10 AM

workshy_fopp

Scooby Regular

Thread Starter

Join Date: Jan 2003

Posts: 757

Likes: 0

Received 0 Likes on 0 Posts

We were using the Cisco stateful firewall, but it blocks most network traffic, i.e. we can't even ping the machine when it's running, so we're having to use a logon script to switch off the cisco service, then another one to start it when it connects to the VPN, then a logoff script to stop the service so the machine will behave normally when on the lan.
So we still need a software firewall for when they have got an IP address (from an ISP), but haven't connected to the VPN. We are using SecurID. I'll ask the comms guys to have a look at setting rules on the concentrator, sounds promising.

Cheers

Fopp (not being workshy for once)

Reply Like