I have a PIX 515 with 3 VPN tunnels and several remote VPN clients. Clients connect from their home machine or another network. Once they connect they are in my network, so if the machine has a virus or something it can affect my network. How can I protect my network from these machines? How can I make sure these clients are not transferring a virus or something else into my network?
I have a similar situation and here is what I do. I have a company policy in place that mandates that anyone who wants the ability to connect from home has to have an anti-virus product AND a personal firewall on their home PCs. This is purchased, installed and maintained by the company. Yes, a little more to oversee and potentially a few more headaches, but I sleep easier at night knowing this policy is in place. I also have the ability to lock them out automatically should they remove the software and try to connect to the VPN. To me these users are an extension of your network and should be treated as such. Should this not be doable in your situation, then the next best thing is to make sure ALL your PCs and servers have virus protection and that definitions are attempted to be updated daily. Your network can never be fully protected from anything (hackers, viruses, etc.), but you can minimize the risk. Having home users w/o minimal protection to me is just waiting for trouble.
I agree with his input on most of the subjects. As far as a virus, less likely, but worms and such, as well as Nimda-type attacks, are possible. Another thing I might add is to make sure not to enable split-tunneling in these situations, as it will open up vulnerabilities to your internal network. The home user is your weakest security link due to their lack of knowledge. You can normally have automated scripts run at login to your internal network, as Travis-Dennis recommended. Good luck on your endeavors.
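The split-tunneling advice in the reply above can be checked against a saved firewall configuration. The following is an added example, not code from the thread's participants: it assumes the PIX 6.x `vpngroup <name> split-tunnel <acl>` syntax and, going beyond the thread, the 7.x `group-policy ... split-tunnel-policy` syntax; the group names and sample configuration are constructed.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
access-list SPLIT permit ip 10.1.0.0 255.255.0.0 10.9.9.0 255.255.255.0
vpngroup HOMEUSERS address-pool VPNPOOL
vpngroup HOMEUSERS split-tunnel SPLIT
vpngroup HOMEUSERS idle-time 1800
vpngroup ADMINS address-pool VPNPOOL
vpngroup ADMINS idle-time 600
group-policy CONTRACTORS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT
group-policy STAFF attributes
 split-tunnel-policy tunnelall
"""

def audit_split_tunnel(config_text):
    """Map each remote-access group to True if split tunneling is enabled."""
    groups = {}
    current_policy = None  # name of the 7.x group-policy block being read
    for line in config_text.splitlines():
        m = re.match(r"vpngroup\s+(\S+)\s+(\S+)", line)
        if m:  # PIX 6.x style: one attribute per vpngroup line
            name, keyword = m.groups()
            groups.setdefault(name, False)
            if keyword == "split-tunnel":
                groups[name] = True
            current_policy = None
            continue
        m = re.match(r"group-policy\s+(\S+)\s+attributes", line)
        if m:  # 7.x style: indented attributes follow this header
            current_policy = m.group(1)
            # No explicit setting means the value is inherited from the
            # parent policy; this check does not resolve inheritance.
            groups.setdefault(current_policy, False)
            continue
        if current_policy and line.startswith(" "):
            m = re.match(r"\s+split-tunnel-policy\s+(\S+)", line)
            if m:  # anything other than tunnelall splits traffic
                groups[current_policy] = m.group(1) != "tunnelall"
        else:
            current_policy = None
    return groups

if __name__ == "__main__":
    for group, enabled in sorted(audit_split_tunnel(SAMPLE_CONFIG).items()):
        print(f"{group}: split tunneling {'ENABLED' if enabled else 'off'}")
```

Groups reported as enabled let the client reach the internet directly while connected to the internal network, which is the exposure the reply warns about.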