• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 508
  • Last Modified:

Cisco ASA 5510 require IPSEC clients to have XP firewall turned on

Hello All,

Due to "PCI" requirements, we are required to check whether clients have a firewall installed/enabled and if not force them to install or turn it on.  Some employees use their personal home PC's to VPN to our network.  For our employees we would like to make certain that the machines they are using to VPN in with have the Windows XP firewall turned on.

I know that with the Cisco ASA device we can force the specific Group Policy to check for a specific type of firewall installed on the client.  I also know that the XP firewall doesn't always play nicely with the Cisco VPN, we will deal with that ourselves.  

There are several firewalls selectable from the "Firewall Type" section when enabling the firewall requirement on the GP on the ASA, XP firewall is not one of them and at the moment we are not prepared to support any other third party firewalls, even if they are free.  So we would like to select "custom firewall" and add the XP firewall as the firewall type.  In order to do so, you have to select the "Vendor ID" and "Product ID" which I have bene unable to find after several days of searching.  Does anyone now the Vendor and Product ID's for the XP firewall and has anyone gotten this to work?

Any help is greatly appreciated.

Thanks,
John
0
genoint
Asked:
genoint
  • 2
  • 2
1 Solution
 
lrmooreCommented:
Are you using the Advanced Endpoint Protection license add-on with Secure Desktop ?
0
 
lrmooreCommented:
0
 
genointAuthor Commented:
Unfortunately no, we aren't using AEP qith secure desktop.  We arent using secure desktop at all.  We are trying to keep it as simple as possible.  As I indicated in the first post, there is a setting with the Group Policy to check for a firewall and you should be abel to add the XP Firewall as a custom firewall, I just don't know the Vendor and Product ID's.  I am going to open a ticket with Cisco today, if I find a fix I will post it here.
0
 
genointAuthor Commented:
I think I found the answer, apparently the "Custom Firewall" entry is for future release only, it isnt presently being used.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now