Firewall Wizards mailing list archives

Re: firewall-wizards Digest, Vol 38, Issue 11


From: Paul Hutchings <paul () spamcop net>
Date: Tue, 23 Jun 2009 17:54:16 +0100

I have split tunnelling disabled, but being frank, my low-level knowledge of TCP/IP isn't sufficient to know if it's sufficient mitigation for lack of a software firewall.

Frustratingly, the Juniper Host Checker comes with a firewall but you need admin rights simply to enable/disable that component.

Cheers,
Paul

On 22 Jun 2009, at 20:42, rjdriscoll () comcast net wrote:

Are you allowing split tunneling? I have worked at companies that have disabled split tunneling, which in effect turned off routing except through the VPN server. We then would check for things like current AV defs and patch compliance.


----- Original Message -----
From: firewall-wizards-request () listserv icsalabs com
To: firewall-wizards () listserv icsalabs com
Sent: Monday, June 22, 2009 9:00:03 AM GMT -08:00 US/Canada Pacific
Subject: firewall-wizards Digest, Vol 38, Issue 11


Today's Topics:

   1. VPN and XP Firewall GPO settings (Paul Hutchings)


----------------------------------------------------------------------

Message: 1
Date: Sat, 20 Jun 2009 18:30:49 +0100
From: Paul Hutchings <paul () spamcop net>
Subject: [fw-wiz] VPN and XP Firewall GPO settings
To: Firewall Wizards Security Mailing List
        <firewall-wizards () listserv icsalabs com>
Message-ID: <DF4421BD-AB92-4055-A5D4-370E73D13981 () spamcop net>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed

Folks hoping for a little input here:

We have a Juniper SSL VPN that has Network Connect functionality.  We
have our Group Policies configured so that when onsite XP firewall is
disabled, when offsite XP firewall is enabled.

It seems what's happening when people use the Network Connect
functionality of the VPN is that XP is detecting that it has
connectivity to the LAN and the domain controllers/DNS boxes and is
switching from the "Standard Profile" to the "Domain Profile" and
dropping the firewall, which is of course unacceptable (I accept it's
behaving by design so it's not really a criticism of Microsoft).

What do people do to work around this kind of issue?  I guess a group
policy for laptops that enables the firewall even when on the domain
is one option, and I've opened a case with JTAC in case I'm missing
something on the SA config.

Thanks.


------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 38, Issue 11
************************************************