Hi, new to this forum - looking at PF as a possible solution to my NAC needs for a number of remote offices. I have several remote offices that do not have IT staff, and the computers are essentially unmanaged. These computers connect through site-to-site VPN tunnels to a central hub that has resources used by the remote offices (email, web proxy, etc.). In some cases there are also resources behind the VPN routers at the remote offices that other remote offices have access to (PBX, file servers, etc.).
DHCP for the office computers is handled locally at each office by the router. Another possible complication is that the central server system is actually a VMware ESXi 4.x hypervisor-based system (one VM is the VPN hub, one is the web proxy, etc.).

What I would like to happen is this: if a computer from a remote office (call it site A) connects through the VPN tunnel to the central system (i.e. site B), the connection is intercepted by PF and a registration is required. I would also like the Nessus- and Snort-type capabilities to be utilized, and the registration/isolation VLANs to be on the central system, so that any unregistered, unpatched, or misbehaving systems don't get any farther than the VPN hub.

Is this doable, and does anyone have any examples of how they have done it? Thanks a bunch...

_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
