Filter
Top Products
33-6
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 33 Configuring Policy Objects for Remote Access VPNs
ASA Group Policies Dialog Box
Field Reference
Table 33-3 ASA Group Policies Client Firewall Attributes
Element Description
Firewall Mode The firewall requirements for client systems for the group:
• No Firewall—Do not use a firewall. You cannot configure any
other options on the page.
• Firewall Required—All users in this group must use the
designated firewall. The security appliance drops any session that
attempts to connect without the designated firewall installed and
running. In this case, the security appliance notifies the VPN client
that its firewall configuration does not match.
Note Make sure the group does not include any clients other than
Windows VPN Clients. Any other clients in the group
(including VPN 3002 Hardware Clients) are unable to connect
if you require a client firewall.
• Firewall Optional—Users can use a firewall but it is not required.
This option allows all users in the group to connect. Those who
have a firewall can use it; users that connect without a firewall
receive a warning message. This setting is useful if you are creating
a group in which some users have firewalls and others do not. For
example, you might have clients with systems that do not run
Microsoft windows, or your clients have not all had the opportunity
to install firewall software.
Firewall Type The type of firewall that you are making required or optional. The list
shows all of the supported firewall software, which includes software
from Cisco, Network ICE, Sygate, and Zone Labs.
• If you select Custom Firewall, you must fill in the fields in the
Custom Firewall group. You also need to configure the policy
source; select options only if they are supported by the vendor.
• Some firewall types require you to specify the source of the policy
implemented by the firewall.
Policy Source Some types of firewall allow you to configure where the client firewall
should obtain its policies:
• Get Policy From Remote Firewall—The policy is configured in the
client firewall application. This is how most client firewalls work.
• Use Specified Policy—The policy you specify should be pushed to
the client firewall application, which should use your policy.
You must enter the name of an extended access control list policy
object, or click Select to select one from a list or to create a new
one, in both in the Inbound Traffic Policy and Outbound Traffic
Policy fields.