ASA5500 Remote Access Group Policies IPsec Client Firewall

nmfoxton · ‎03-07-2011

Ok, the picture now is;

We have ASA5500's deployed for remote access concentration.

We use Cisco IPsec vpn client with a group policy the chacks for Network ICE BlackIce ersonal firewall.

The powers-that-be wish to change to McAfee presonal Firewall ok ... still with me?

Now the Group Policy allows you to check for several pre-configured Firewalls, Cisco Integrated, Sygate, Zone Labs etc.

So as McAfee are no listed then I am to assume we go for "Custom Firewall" and this is where I am struggling.

To configure checking for a Custom Firewall I must have the Vendor ID and the Product ID.

Guess what? McAfee haven't the faintest idea what we're talking about when we ask them for these details.

This must have happened to other people so someone must know the answer.

Does anyone know the relevant ID's?

Or is there a way to extract them from the registry of a machine with the McAfee product installed?

Jennifer Halim · ‎03-08-2011

Unfortunately other than the firewall listed, the ASA does not support the custom firewall. The feature was ported from VPN Concentrator, however, "custom firewall" feature are no longer supported on ASA.

nmfoxton · ‎03-08-2011

Thanks for the quick answer, that's a real shame and maybe a bit short sighted by Cisco.

It's probable that unless we can find a work-around, we will have to consider an alternate remote access solution for the future.

nmfoxton · ‎03-08-2011

Or be really scary and change our policies lol