This is possible with the new 3.1.1 Unified VPN client from Cisco, sort of. It allows you to specify that a "Personal firewall" such as Zone Alarm or Black Ice must be running before the client will allow a connection. Policies are defined by user or group on the VPN concentrator, not the client. There is also the option to specify a "Custom" firewall. Basically it allows you to specify a given executable as a firewall component and designate that it must be operating before a client connection can succeed. This way you could specify an Antivirus product instead of a personal firewall and enforce this based on group membership. This must be used with something like the 3015 VPN concentrator to be able to enforce the policy.

Ken Claussen MCSE CCNA CCA
"In Theory it should work as you describe, but the difference between theory and reality is the truth! For this we all strive"

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael Endrizzi
Sent: Wednesday, December 19, 2001 12:46 PM
To: [EMAIL PROTECTED]
Subject: AV and VPN solutions

Looking for a solution where corporate can control AV over remote VPN connections.

Requirement
--------------------
- Corporate can enforce AV policy on remote clients
- AV policy requires desktop runs current version, runs current signatures, AV configuration is secure, reports alerts to corporate

Solutions I know about:

VPN:
- Sonicwall integration with McAfee
- CheckPoint new AV API integrated with VPN1
- Old Marcus Ranum VPN company (Can't remember name). Read about it in Network World, but sales staff didn't know anything

Enterprise AV:
- All big AV companies have enterprise software. Anyone achieve success with enterprise stuff applying policy over VPN connection to heterogeneous environment?

Michael Endrizzi
InterSec Communications, Inc.
[EMAIL PROTECTED]
General: 651-310-1551
Direct: 651-365-9941
