Got 1,000 laptops, and we need a software firewall to protect them before/after they connect to the VPN.
Trialing ZoneAlarm Pro at the moment, but it's really poor: it won't save settings properly or act on those settings consistently, and keeps prompting the user even though it's been configured not to. What other software has anyone tried? What we want is zero user intervention or alerts. |
Checkpoint have a product that may be of interest, if you want I could sort out a trial for you. Drop me a line if you are interested.
Jon |
Which VPN equip is it? It may be wise to integrate the two.
|
Checkpoint Firewall 1. CPFW1 can be a bitch to config and admin if you are new. Have a look at http://www.phoneboy.com/fom-serve/cache/1.html
or something like http://www.nsa.gov/selinux/index.html. There is also www.Astaro.com |
Using Cisco VPN and Cisco client. Basically we need to protect them before and after they join the VPN tunnel, but the Zonelabs s/w is mickey mouse.
|
You should be OK with a Cisco PIX firewall, making sure you have the latest IOS.
|
The Cisco software firewall that is included with the client is, I feel, very good. Have a look at the .pcf file for it; you may be able to force the stateful inspection to always be on at startup and stop users from switching it off. Also, if the clients are connecting to a Concentrator, you can configure very specific rules on the concentrators that are downloaded to the clients when the VPNs are established.
I would agree with the comments above: the Check Point is too much of a pain to manage and it costs a lot. The only thing I would add to the Cisco Concentrator solution is strong authentication - certs or SecurID. ..r |
We were using the Cisco stateful firewall, but it blocks most network traffic, i.e. we can't even ping the machine when it's running, so we're having to use a logon script to switch off the Cisco service, then another one to start it when it connects to the VPN, then a logoff script to stop the service so the machine will behave normally when on the LAN.
So we still need a software firewall for when they have got an IP address (from an ISP) but haven't connected to the VPN. We are using SecurID. I'll ask the comms guys to have a look at setting rules on the concentrator, sounds promising. Cheers, Fopp (not being workshy for once) |
|