I realize that I am a bit biased on this but if you are going to look at deploying a host based firewall application, you may want to take a look at Cisco Security Agent. This is a product we recently acquired (formerly Okena) and have integrated into our Self Defending Network strategy (assume you have seen the commercials). It provides all of the functions of a host based firewall plus much, much more. The VPN 3000 has a hook built into it that will require (if enabled) that CSA be running before a VPN client is allowed to connect. CSA will also have the Network Admission Control functionality built into it in the next release that will allow your network devices to query the host for virus .dat levels, SP levels, etc... before connecting to the network whether it be via VPN, wired, wireless, etc...
Anyway, don't want to sound too salesman-y but I thought I would toss it in if you are looking to deploy something in this space. Might be worth talking to your local Cisco account team and seeing a demo. I assure you, you will be impressed. Hope this helps.
PS - If you have any other questions concerning CSA and do not want to use this forum, please feel free to shoot me an e-mail off-line at email@example.com
I recommend the CSA as well. It has file integrity checks (think Tripwire), inbound/outbound connection control, executable control, email policies, and a whole lot more. It is recognized by VPN3000s.
It's a policy based approach that allows you to define behaviors based on machine types, users, etc. The agent pulls the policy from the Management Center where all the policies are managed.
I don't know what you mean by the personal firewall must work with the Pix. Whether or not a client or other network has a firewall is transparent to any other network layer device. There aren't any concerns here that I can think of.
Regarding "...personal firewall must work with the Pix..." I know in CVPN 3005 you can select to disconnect a VPN user if he/she does not use one of the firewalls listed. I wonder if you can do this in PIX.
I do know about CSA but this client is looking for one of the firewalls I listed (BlackICE, Sygate, ZoneAlarm). The client may use this personal firewall at many non-Cisco sites and/or just for end users at home etc (and never be in any office or VPN to any office).
I will look at CSA for other clients, but for now, please give some feedback on the non-Cisco personal firewalls.