We help IT Professionals succeed at work.

Cisco ASA 5510 require IPSEC clients to have XP firewall turned on

Medium Priority
526 Views
Last Modified: 2012-05-06
Hello All,

Due to "PCI" requirements, we are required to check whether clients have a firewall installed/enabled and if not force them to install or turn it on.  Some employees use their personal home PC's to VPN to our network.  For our employees we would like to make certain that the machines they are using to VPN in with have the Windows XP firewall turned on.

I know that with the Cisco ASA device we can force the specific Group Policy to check for a specific type of firewall installed on the client.  I also know that the XP firewall doesn't always play nicely with the Cisco VPN, we will deal with that ourselves.  

There are several firewalls selectable from the "Firewall Type" section when enabling the firewall requirement on the GP on the ASA, XP firewall is not one of them and at the moment we are not prepared to support any other third party firewalls, even if they are free.  So we would like to select "custom firewall" and add the XP firewall as the firewall type.  In order to do so, you have to select the "Vendor ID" and "Product ID" which I have bene unable to find after several days of searching.  Does anyone now the Vendor and Product ID's for the XP firewall and has anyone gotten this to work?

Any help is greatly appreciated.

Thanks,
John
Comment
Watch Question

Les MooreSr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:
Are you using the Advanced Endpoint Protection license add-on with Secure Desktop ?
Les MooreSr. Systems Engineer
CERTIFIED EXPERT
Top Expert 2008

Commented:

Author

Commented:
Unfortunately no, we aren't using AEP qith secure desktop.  We arent using secure desktop at all.  We are trying to keep it as simple as possible.  As I indicated in the first post, there is a setting with the Group Policy to check for a firewall and you should be abel to add the XP Firewall as a custom firewall, I just don't know the Vendor and Product ID's.  I am going to open a ticket with Cisco today, if I find a fix I will post it here.
Commented:
I think I found the answer, apparently the "Custom Firewall" entry is for future release only, it isnt presently being used.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.