VPN client and firewall

n.oneill
Level 1

What's the deal with the built-in firewall that is included with the VPN client? Is it good enough to use with split tunnelling, and is it always on even when the tunnel is not up?

Nick


4 Replies

kdurrett
Level 3 (Accepted Solution)

The built-in firewall is a basic ZoneAlarm firewall. There are no options to configure it; you turn it on or off. The default rule is to deny all inbound traffic; it doesn't restrict any outbound traffic. It's on whether the tunnel is up or not, as long as you have it checkmarked. If you're connecting to a concentrator, you can configure the concentrator to push down rules to it and require that it's on in order to connect. Yes, it's good enough to use with split tunneling in my opinion, but that will depend on your security policies.

Kurtis Durrett

I have found out about the built-in firewall the hard way. I enabled it on a programmer's laptop, thinking that it would only work when she connected to the concentrator. Before the end of the day she was having several network issues, one being that she could no longer FTP files up to a server. We disabled the firewall option and all was well. It seems the latest version of the client does restrict some outbound traffic. A possible bug?

As I understand it, there is an option to have the firewall enabled at all times, regardless of whether you are running the client software or connected to the VPN. It runs as a background service.

Probably the reason you had an issue with FTP is that in normal FTP mode the server needs to initiate a connection back to the client, in which case the firewall blocks it and the FTP fails. If you can switch to passive FTP then this should work, as connections are initiated from the client.

Nelson Rodrigues
Cisco Employee

Nick, the Zone-based integrated stateful firewall blocks all inbound traffic (with one exception: DHCP is allowed in) coming from the internet, whether the VPN tunnel is up or not.

Nelson
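The two points made in this thread, that the client firewall is a stateful deny-all-inbound / allow-all-outbound policy with a DHCP exception, and that this is exactly why active-mode FTP breaks while passive mode works, can be checked with a small model. The following is an added example written for this page, not Cisco's or ZoneAlarm's code: it is a simplified stateful host firewall (no FTP helper, no rule push from a concentrator) fed a constructed active and passive FTP exchange. The addresses and ports are constructed sample values.

```python
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not taken from the thread.
CLIENT_IP = "10.0.0.5"
SERVER_IP = "203.0.113.10"
DHCP_SERVER_IP = "10.0.0.1"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False  # True for a TCP segment that opens a new connection


class StatefulHostFirewall:
    """Model of the client-side policy the thread describes: every outbound
    packet is allowed, inbound packets are admitted only when they belong to a
    connection this host opened, plus a fixed DHCP exception."""

    def __init__(self, host_ip: str) -> None:
        self.host_ip = host_ip
        # (local_port, remote_ip, remote_port) for each connection the host initiated
        self.flows: set = set()
        self.decisions: list = []

    def filter(self, pkt: Packet) -> bool:
        if pkt.src == self.host_ip:
            if pkt.proto == "tcp" and pkt.syn:
                self.flows.add((pkt.sport, pkt.dst, pkt.dport))
            verdict = True  # outbound traffic is never restricted in this model
        elif pkt.proto == "udp" and pkt.sport == 67 and pkt.dport == 68:
            verdict = True  # DHCP server -> client, the one inbound exception
        elif (pkt.dport, pkt.src, pkt.sport) in self.flows and not pkt.syn:
            verdict = True  # reply on a connection we opened ourselves
        else:
            verdict = False  # unsolicited inbound, including server-initiated SYNs
        self.decisions.append(("ALLOW" if verdict else "DROP", pkt))
        return verdict


def _open_control_channel(fw: StatefulHostFirewall) -> bool:
    """Client -> server:21; allowed because the client initiates it."""
    fw.filter(Packet(CLIENT_IP, 40000, SERVER_IP, 21, syn=True))
    return fw.filter(Packet(SERVER_IP, 21, CLIENT_IP, 40000))


def active_ftp_data_allowed() -> bool:
    """Active mode: after PORT, the server connects from port 20 back to the
    client's advertised port. That SYN is unsolicited inbound and is dropped,
    which is the failure reported earlier in the thread."""
    fw = StatefulHostFirewall(CLIENT_IP)
    _open_control_channel(fw)
    return fw.filter(Packet(SERVER_IP, 20, CLIENT_IP, 40001, syn=True))


def passive_ftp_data_allowed() -> bool:
    """Passive mode: after PASV, the client connects to the server's data port,
    so the data channel is an outbound connection and its replies are admitted."""
    fw = StatefulHostFirewall(CLIENT_IP)
    _open_control_channel(fw)
    fw.filter(Packet(CLIENT_IP, 40001, SERVER_IP, 50123, syn=True))
    return fw.filter(Packet(SERVER_IP, 50123, CLIENT_IP, 40001))


def dhcp_offer_allowed() -> bool:
    """Inbound DHCP (server port 67 -> client port 68) passes the exception."""
    fw = StatefulHostFirewall(CLIENT_IP)
    return fw.filter(Packet(DHCP_SERVER_IP, 67, CLIENT_IP, 68, proto="udp"))


def unsolicited_inbound_allowed(dport: int) -> bool:
    """Any other inbound connection attempt, tunnel up or not, is dropped."""
    fw = StatefulHostFirewall(CLIENT_IP)
    return fw.filter(Packet(SERVER_IP, 51000, CLIENT_IP, dport, syn=True))


if __name__ == "__main__":
    print("active FTP data channel :", active_ftp_data_allowed())
    print("passive FTP data channel:", passive_ftp_data_allowed())
    print("DHCP offer              :", dhcp_offer_allowed())
    print("inbound SMB (445)       :", unsolicited_inbound_allowed(445))
```

The model deliberately has no FTP application-layer helper, which is what a real stateful firewall would need to admit the server's active-mode data connection; the thread's symptom (uploads failing until the firewall was turned off, working again in passive mode) matches a policy that lacks one.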
