We are currently implementing a product called Active Net Steward (www.securitydesigners.com or www.activenetsteward.com). It has some very useful features, such as 100% configurable firewall rulesets, features to disable the use of modems in a system, and policies which can be applied to the machine when there is no connection to the management server. For VPNs you can set rules to only allow the computer to reach the VPN server over the internet, thus routing all other internet traffic back out via your secured and monitored proxy server, etc. One of the key selling points to the solution for us was that the workstation clients had no configurable front end, and no pop-ups associated with normal firewalls such as "Internet Explorer is trying to access the internet - allow / deny", which takes away the risk of non-security-conscious users actually controlling the security of your corporate VPN.

Hope this gives you some ideas

Stuart

>>I am trying to decide on a Distributed Firewall product for a VPN
>>Rollout.
>>I have several vendors that I am looking at. (Zone Labs Integrity,
>>Cyber Armour, CMDS) Does anyone out there have any experience with any
>>of these products or have a suggestion for a good one?
>>
>>Thanks
>>
>>Iyad Abbas,
>>VPN Project Coordinator