Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Which personal firewall to use with VPN 3000 ?


currently we are investigating in our company which personal firewall to use on our mobile clients. Some of our mobile users (the number is increasing) have the Cisco VPN Client to connect to our VPN 3000 concentrator, but most of them use the plain old dial-up RAS network.

As far as I know the Zone Labs firewall is supported the best with the VPN concentrator, but from a commercial point of view our company would like to prefer the Symantec (Norton) solution (we are already using Norton AntiVirus). Does anybody have experience with the integration of Norton Personal Firewall into a VPN 3000 environment ? Any suggestions which of the both alternatives (Norton or Zone Labs) to use ?

Thank you very much in advance.

New Member

Re: Which personal firewall to use with VPN 3000 ?

We use BlackICE versions 3.5 and 3.6, and find it very satisfactory. Cost is about $35 per client. There is no policy management from the vendor; but the Cisco VPN Client ensures that the user must have it installed and working. This could let sloppy users change the settings, which would pretty much ruin the whole idea. However, since a user sets up a tunnel to corporate and most protocols are closed, there's not many entrances. Not perfect, but we're happy with the compromises.

New Member

Re: Which personal firewall to use with VPN 3000 ?

We use the Zone Labs Integrity Agent/Server. Its about $50 per client, but it is worth it in the long run. You can make sure that they are up to date with AV definitions, and if they are not Restrict access. If they have any signs of the blaster or Welchia restrict access.

It took a while for the "Cooperative Enforcement" to actually work. Zone Labs documentation sucks though.

CreatePlease to create content