Cisco Support Community

New Member

VPN client and firewall

What's the deal with the built-in firewall that is included with the VPN client? Is it good enough to use with split tunnelling, and is it always on even when the tunnel is not up?

Nick

1 ACCEPTED SOLUTION

New Member

Re: VPN client and firewall

The built-in firewall is a basic ZoneAlarm firewall. No options to configure it; you turn it on or off. Default rule is deny all inbound traffic; it doesn't restrict any outbound traffic. It's on whether the tunnel is up or not, as long as you have it checkmarked. If you're connecting to a concentrator, you can configure the concentrator to push down rules to it and require that it's on in order to connect. Yes, it's good enough to use with split tunneling in my opinion, but it will depend on your security policies.

Kurtis Durrett

4 REPLIES
New Member

Re: VPN client and firewall

I found out about the built-in firewall the hard way. I enabled it on a programmer's laptop, thinking that it would only work when she connected to the concentrator. Before the end of the day she was having several network issues, one being that she could no longer FTP files up to a server. We disabled the firewall option and all was well. It seems the latest version of the client does restrict some outbound traffic. A possible bug?

New Member

Re: VPN client and firewall

As I understand it there is an option to have the firewall enabled at all times regardless of you running the client software or connecting to the VPN. It runs as a background service.

Probably the reason you had an issue with FTP is that in normal FTP mode the server needs to initiate a connection back to the client in which case the firewall blocks it and the FTP fails. If you can switch to passive FTP then this should work as connections are initiated from the client.

Cisco Employee

Re: VPN client and firewall

Nick, the Zone-based integrated stateful firewall blocks all inbound traffic (with one exception: DHCP is allowed in) coming from the Internet, whether the VPN tunnel is up or not.

Nelson
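
The following is an added example, not part of any post in this thread and not the VPN client's own rule engine: a toy Python model of the policy the replies describe (outbound unrestricted, unsolicited inbound denied, DHCP allowed in), run against active and passive FTP. The class and function names, port numbers and 192.0.2.x addresses are constructed for illustration.

```python
# Toy model of the policy described in the thread; not the VPN client's
# real rule engine. All names, ports and addresses are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str     # "out" leaves the laptop, "in" arrives at it
    proto: str         # "tcp" or "udp"
    local_port: int
    remote_ip: str
    remote_port: int
    syn: bool = False  # first packet of a new TCP connection

class ClientFirewall:
    def __init__(self):
        self.flows = set()  # flows the laptop itself opened
    def check(self, p: Packet) -> str:
        key = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        if p.direction == "out":
            self.flows.add(key)   # outbound is not restricted
            return "allow"
        if key in self.flows and not p.syn:
            return "allow"        # reply on a flow opened from inside
        if p.proto == "udp" and (p.local_port, p.remote_port) == (68, 67):
            return "allow"        # DHCP server-to-client exception
        return "deny"             # default: deny all other inbound

SERVER = "192.0.2.10"  # documentation-range address

def ftp_session(mode: str) -> list:
    fw = ClientFirewall()
    verdicts = [fw.check(Packet("out", "tcp", 50000, SERVER, 21, syn=True)),
                fw.check(Packet("in", "tcp", 50000, SERVER, 21))]  # control channel
    if mode == "active":
        # After PORT, the server opens the data connection from port 20.
        verdicts.append(fw.check(Packet("in", "tcp", 50001, SERVER, 20, syn=True)))
    else:
        # After PASV, the client opens the data connection itself.
        verdicts.append(fw.check(Packet("out", "tcp", 50001, SERVER, 40000, syn=True)))
        verdicts.append(fw.check(Packet("in", "tcp", 50001, SERVER, 40000)))
    return verdicts

def dhcp_reply() -> str:
    return ClientFirewall().check(Packet("in", "udp", 68, "192.0.2.1", 67))

if __name__ == "__main__":
    print("active :", ftp_session("active"))    # data connection denied
    print("passive:", ftp_session("passive"))   # every packet allowed
    print("dhcp   :", dhcp_reply())
```

In the active case the control channel succeeds and only the server-initiated data connection is dropped, which is why a login can work while transfers and directory listings fail.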
