genoint
asked on
Cisco ASA 5510 require IPSEC clients to have XP firewall turned on
Hello All,
Due to "PCI" requirements, we are required to check whether clients have a firewall installed/enabled and, if not, force them to install or turn it on. Some employees use their personal home PCs to VPN to our network. For our employees we would like to make certain that the machines they are using to VPN in with have the Windows XP firewall turned on.
I know that with the Cisco ASA device we can force the specific Group Policy to check for a specific type of firewall installed on the client. I also know that the XP firewall doesn't always play nicely with the Cisco VPN; we will deal with that ourselves.
There are several firewalls selectable from the "Firewall Type" section when enabling the firewall requirement on the GP on the ASA. XP firewall is not one of them, and at the moment we are not prepared to support any other third-party firewalls, even if they are free. So we would like to select "custom firewall" and add the XP firewall as the firewall type. In order to do so, you have to select the "Vendor ID" and "Product ID", which I have been unable to find after several days of searching. Does anyone know the Vendor and Product IDs for the XP firewall, and has anyone gotten this to work?
Any help is greatly appreciated.
Thanks,
John
Are you using the Advanced Endpoint Protection license add-on with Secure Desktop?
Forgot to post the link to a very handy document:
http://www.cisco.com/en/US/docs/security/csd/csd321/configuration/guide/CSDJcfg.html#wp1096385
ASKER
Unfortunately no, we aren't using AEP with Secure Desktop. We aren't using Secure Desktop at all. We are trying to keep it as simple as possible. As I indicated in the first post, there is a setting with the Group Policy to check for a firewall and you should be able to add the XP Firewall as a custom firewall; I just don't know the Vendor and Product IDs. I am going to open a ticket with Cisco today; if I find a fix I will post it here.