Firewall Wizards mailing list archives
RE: VPN concentrators
From: "Crispin Harris" <crispin () internode on net>
Date: Wed, 28 Aug 2002 11:02:34 +0930
Hmmm, I have been through a scenario involving VPN, Anti-Virus & Distributed
(desktop) Firewalls and we found that we had a very clear choice between support
hours and firewall security.
The Anti-Virus product was relatively easily supported, as was the VPN (although
less so).
The first issue arose when we attempted to codify firewall rule sets that were
safe, effective, and relatively uninvasive. This then had to be mixed in with
Internet-Browsing vs Corporate-VPN scenarios. We found in our pilot group that
if the firewall was tight enough to be useful, the number of support calls escallated
rapidly for several weeks (our pilot lasted 2 months), before _slowly_ tapering
off to aproximately 3 times the previous level.
The desktop firewall got blamed for all sorts of evils, including (in a large
number of cases) not being able to open work documents from the local disk,
Blue-Screen-of-Death, email not arriving (outlook 2000 & exchange), and modems
failing to connect with ISPs.
When looking at the figures over the whole period, we estimated that calls would
drop to about 1.5 times the previous level after about 6-8 months, peaking again
with each new group of users, and with new employees starting in the company.
I still don't know the best response, and I think I am glad that it became a
business decision rather than a technical one.
Regards,
Crispin Harris
Client software would probably depend on Device as a numberof beneficialfeatures can be used if you match the client to the device (personal firewalls, autmated upgrading of clients etc...) users would be about 250 initially but up to 4000potentially in the future. So here is a problem. 250 users that use one client operating system means that you will need (to add?) a person to support (given some form of personal Firewall and some automated updating of client software), and monitor VPN clients usage full time. That's a nasty job if you add additional operating systems (there will always be one platform that doesn't get supported as well as others). That's multiple bodies as you grow to 4000 users.
-- Sent using Internode WebMail http://www.internode.on.net/ _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: VPN concentrators, (continued)
- RE: VPN concentrators Ben Nagy (Aug 29)
- RE: VPN concentrators Schouten, Diederik (Diederik) (Aug 26)
- RE: VPN concentrators Patrick Darden (Aug 26)
- RE: VPN concentrators Schouten, Diederik (Diederik) (Aug 26)
- RE: VPN concentrators Crispin Harris (Aug 26)
- RE: VPN concentrators Patrick Darden (Aug 27)
- RE: VPN concentrators Brian Ford (Aug 27)
- RE: VPN concentrators Schouten, Diederik (Diederik) (Aug 27)
- RE: VPN concentrators Crispin Harris (Aug 27)
- RE: VPN concentrators R. DuFresne (Aug 27)
- RE: VPN concentrators Crispin Harris (Aug 27)
- RE: VPN concentrators Crispin Harris (Aug 29)
- RE: VPN concentrators Patrick Darden (Aug 29)
- RE: VPN concentrators Nilesh Chaudhari (Aug 29)
- RE: VPN concentrators R. DuFresne (Aug 29)
- RE: VPN concentrators Nilesh Chaudhari (Aug 30)
- RE: VPN concentrators Patrick Darden (Aug 29)