I believe OPSWAT products require SecureClient. You're looking to make sure they have AV before they make external connections? Is this just for HTTP traffic or do you really need remote access spftware for what they are doing?
If it's just normal browsing, invest in a proxy server and add anti-virus scanning to it. We're using Microsoft's ISA 2000 server as the proxy behind NG and it works fine. We have it tied to domain authentication so the end user has to be authenticated against the domain before they can get outbound access. We put Trend's Webprotect software on it for HTTP scanning. NG has a rule to drop all 80 & 443 traffic outbound that does not originate from the proxy server, a rather effective way of making sure the proxy is used.
It will be a bit of a pain to make sure everyone is using it before you implement the NG rule, but it is mightily effective. Actually, with 1,500 employees and gigs of traffic each day, it goes off very infrequently, probably less than once a wek, which surprised me. It does grab "webmail" attachment viruses, so I know it's working.
Ray
From: Brad Pinkston <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [FW-1] SecureClient Antivirus question Date: Wed, 10 Dec 2003 15:42:12 -0600
Has anyone had any experience using some type of Firewall-1 tie-in to require internal users to have antivirus running to access through the firewall? I know this is supported for external users through SecureClient and McAfee 7.1. We cannot justify the costs for our student population though, and licensing issues could be terrible considering students leaving and enrolling at the end and beginning of every year.
All I'm looking for is a product that will require the user to have antivirus installed, possibly even check the .DAT version, before they can access the internet from our internal Residence Hall network. That's all...not asking to much, am I? Any thoughts?
Brad Pinkston Firewall/Network Administrator Checkpoint CCSA Centenary College of LA (318) 869-5721 [EMAIL PROTECTED]
-------------------------------------------------------------------- This email has been scanned for viruses by Centenary College of LA
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Take advantage of our best MSN Dial-up offer of the year � six months @$9.95/month. Sign up now! http://join.msn.com/?page=dept/dialup
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
