11-20-2002 07:37 AM - edited 02-21-2020 12:11 PM
What's the deal with the built-in firewall that is included with the VPN client? Is it good enough to use with split tunnelling, and is it always on even when the tunnel is not up?
Nick
11-20-2002 08:10 AM
The built-in firewall is a basic ZoneAlarm firewall. No options to configure it; you turn it on or off. Default rule is deny all inbound traffic; it doesn't restrict any outbound traffic. It's on whether the tunnel is up or not, as long as you have it checkmarked. If you're connecting to a concentrator, you can configure the concentrator to push down rules to it and require that it's on in order to connect. Yes, it's good enough to use with split tunneling in my opinion, but it will depend on your security policies.
Kurtis Durrett
11-21-2002 07:02 AM
I have found out about the built-in firewall the hard way. I enabled it on a programmer's laptop, thinking that it would only work when she connected to the concentrator. Before the end of the day she was having several network issues, one being that she could no longer FTP files up to a server. We disabled the firewall option and all was well. It seems the latest version of the client does restrict some outbound traffic. A possible bug?
11-21-2002 07:09 AM
As I understand it there is an option to have the firewall enabled at all times regardless of you running the client software or connecting to the VPN. It runs as a background service.
Probably the reason you had an issue with FTP is that in normal FTP mode the server needs to initiate a connection back to the client in which case the firewall blocks it and the FTP fails. If you can switch to passive FTP then this should work as connections are initiated from the client.
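The active/passive difference described above, modelled as an added example (not part of the original post and not the VPN client's own code): a toy stateful filter that allows all outbound traffic, denies unsolicited inbound traffic, and lets DHCP replies in, as the thread describes. The ports, address and class names are constructed for illustration, and the model assumes no FTP-aware inspection of the control channel.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" or "in", relative to the laptop
    proto: str        # "tcp" or "udp"
    local_port: int
    remote_ip: str
    remote_port: int

@dataclass
class HostFirewall:
    """Hypothetical model of the policy described in the thread."""
    flows: set = field(default_factory=set)

    def permit(self, p: Packet) -> bool:
        key = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        if p.direction == "out":
            self.flows.add(key)      # outbound is unrestricted; remember the flow
            return True
        if key in self.flows:        # reply on a flow the laptop started
            return True
        # The one inbound exception mentioned in the thread: DHCP replies.
        if p.proto == "udp" and p.remote_port == 67 and p.local_port == 68:
            return True
        return False                 # default: deny unsolicited inbound

SERVER = "192.0.2.10"  # constructed documentation address

def ftp_transfer(mode: str) -> bool:
    """Return True if the FTP data connection gets through the firewall."""
    fw = HostFirewall()
    # Control channel: laptop connects out to port 21, server replies.
    ok = fw.permit(Packet("out", "tcp", 50000, SERVER, 21))
    ok = ok and fw.permit(Packet("in", "tcp", 50000, SERVER, 21))
    if mode == "active":
        # Laptop announced port 50001; the server opens the data
        # connection inbound from its port 20. No matching outbound flow.
        return ok and fw.permit(Packet("in", "tcp", 50001, SERVER, 20))
    # Passive: server announced port 30000; the laptop connects out to it.
    ok = ok and fw.permit(Packet("out", "tcp", 50001, SERVER, 30000))
    return ok and fw.permit(Packet("in", "tcp", 50001, SERVER, 30000))

if __name__ == "__main__":
    for mode in ("active", "passive"):
        print(mode, "FTP data connection permitted:", ftp_transfer(mode))
```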
11-21-2002 01:51 PM
Nick, the Zone-based integrated stateful firewall blocks all inbound traffic (with an exception: DHCP is allowed in) coming from the internet whether the VPN tunnel is up or not.
Nelson