We have wrestled with this problem also.
We have deployed BlackICE and I find it of no use.
We also use the Linksys $100 thing and it is not very
useful either (although you can get IPsec client
tunnels out).
What we have found works the best is NetScreen 5 and
either Nortel IPsec or InfoExpress. There are issues
with the NetScreen and Nortel IPsec client but it can
work with the correct config.
I have settled on using a NetScreen 5 for packet
filtering and the InfoExpress proprietary tunnel that
works fine through NAT devices including many proxies.
The NetScreen is good enough that my OpenBSD 2.8
ipfilter/ipnat machine is reserved as a secondary
packet filter.
--- It's The Zoooomer <[EMAIL PROTECTED]> wrote:
> Well if you're talking about allowing the company
> employees (who have DSL at their houses) to be able to
> come into the company. We're wrestling with this right
> now. We're looking at personal fw's that we can
> configure and protect them at their house and also
> have them up to make a secure connection into the
> company. Some of the cast of characters include
> F-Secure, zonealarm, Blackice etc. Anyone had any
> success in these areas...?
>
> Robert
>
>
> --- "Andrew J. Caird" <[EMAIL PROTECTED]> wrote:
> > On: Fri, 20 Apr 2001 14:13:41 EDT
> > [EMAIL PROTECTED] wrote:
> >
> > >We do use FW-1, however, do you know if after a client's policy is updated
> > >(upon logon) does that user then have the ability to alter that policy
> > >until the next time he/she logs on? My understanding is that you can
> > >prevent this with ZoneAlert Plus through the use of authentication
> > >requirements and a centralized password database that exists on a file
> > >server. Thoughts?
> >
> > well, access to the keyboard means all bets are off, but i believe
> > that with a reasonably configured client the policy is essentially
> > unchangeable by the average end user(*). again, though, i've never
> > used this software, so i'm going on the marketing
> > literature i've read. :)
> >
> > perhaps someone else on this list can share some real-life
> > experiences?
> >
> > --andy
> >
> >
> > (*) average end user == a user who can't figure out how to circumvent
> > the SecureClient policy.
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]