ScoobyNet.com - Subaru Enthusiast Forum

Best software firewall - corporate use (https://www.scoobynet.com/computer-and-technology-related-34/258345-best-software-firewall-corporate-use.html)

workshy_fopp 09 October 2003 11:45 AM

Got 1,000 laptops, and we need a software firewall to protect them before/after they connect to the VPN.
Trialing ZoneAlarm Pro at the moment, but it's really poor: it won't save settings properly or act on those settings consistently, and keeps prompting the user even though it's been configured not to.
What other software has anyone tried? What we want is zero user intervention or alerts.

JR55 09 October 2003 12:14 PM

Checkpoint have a product that may be of interest. If you want, I could sort out a trial for you. Drop me a line if you are interested.

Jon

BlueBlood 09 October 2003 03:56 PM

Which VPN equip is it? It may be wise to integrate the two.

stiler83 09 October 2003 05:38 PM

Checkpoint Firewall 1. CPFW1 can be a bitch to config and admin if you are new. Have a look at http://www.phoneboy.com/fom-serve/cache/1.html

or something like http://www.nsa.gov/selinux/index.html

There is also www.Astaro.com

workshy_fopp 09 October 2003 05:56 PM

Using Cisco VPN and Cisco client. Basically we need to protect them before and after they join the VPN tunnel, but the Zonelabs s/w is mickey mouse.

stiler83 09 October 2003 07:27 PM

You should be OK with a Cisco PIX firewall, making sure you have the latest IOS.

BlueBlood 10 October 2003 09:06 AM

The Cisco software firewall that is included with the client I feel is very good. Have a look at the .pcf file for it; you may be able to force the stateful inspection to always be on at startup & stop users from switching it off. Also, if the clients are connecting to a Concentrator, you can configure very specific rules on the concentrators that are downloaded to the clients when the VPNs are established.

I would agree with the comments above: the Check Point is too much of a pain to manage & it costs a lot. The only thing I would add to the Cisco Concentrator solution is strong authentication - certs or SecurID.

..r

workshy_fopp 10 October 2003 11:10 AM

We were using the Cisco stateful firewall, but it blocks most network traffic, i.e. we can't even ping the machine when it's running, so we're having to use a logon script to switch off the Cisco service, then another one to start it when it connects to the VPN, then a logoff script to stop the service so the machine will behave normally when on the LAN.
So we still need a software firewall for when they have got an IP address (from an ISP), but haven't connected to the VPN. We are using SecurID. I'll ask the comms guys to have a look at setting rules on the concentrator, sounds promising.

Cheers

Fopp (not being workshy for once)

Chris L 10 October 2003 12:24 PM

Try Sygate - better program than ZoneAlarm IMHO.

Chris


All times are GMT +1.
