[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    RE: AV and VPN solutions
From:       "Claussen, Ken" <kclausse () columbus ! rr ! com>
Date:       2001-12-19 18:38:46
[Download RAW message or body]

This is possible with the New 3.1.1 Unified VPN client from Cisco, sort of.
It allows you to specify a "Personal firewall" such as Zone Alarm or Black
Ice must be running before the client will allow a connection. Policies are
defined by user or group on the VPN concentrator, no the client. There is
also the option to specify a "Custom" firewall. Basically it allows you to
specify a given executable as a firewall component and designate that it
must be operating before a client connection can succeed. This way you could
specify an Antivirus product instead of a personal firewall and enforce this
based on group membership. This must be used with something like the 3015
VPN concentrator to be able to enforce the policy.

Ken Claussen MCSE CCNA CCA 
"In Theory it should work as you describe, but the difference between theory
and reality is the truth! For this we all strive"

-----Original Message-----
From: firewalls-admin@lists.gnac.net
[mailto:firewalls-admin@lists.gnac.net]On Behalf Of Michael Endrizzi
Sent: Wednesday, December 19, 2001 12:46 PM
To: firewalls@lists.gnac.net
Subject: AV and VPN solutions


Looking for a solution where corporate can control  AV over remote VPN
connections.
 
Requirement
--------------------
- Corporate can enforce AV policy on remote clients
- AV policy requires desktop runs current version, runs current signatures,
  , AV configuration is secure, reports alerts to corporate
 
 
 
Solutions I know about:
 
VPN:
- Sonicwall integration with McAfee
- CheckPoint new AV API integrated with VPN1
- Old Marcus Ranum VPN company (Can't remember name). Read about it
  in Network World, but sales staff didn't know anything
 
Enterprise AV:
- All big AV companies have enterprise software. Anyone achieve success with
  enterprise stuff applying policy over VPN connection to heterogeneous
environment?
 
 
 

Michael Endrizzi 
InterSec Communications, Inc. 
mje@intersec.com 
General: 651-310-1551 
Direct: 651-365-9941 


 


[Attachment #3 (application/ms-tnef)]
_______________________________________________
Firewalls mailing list
Firewalls@lists.gnac.net
http://lists.gnac.net/mailman/listinfo/firewalls

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic