Correct, it requires you to have check point SecureClient - (55 is not too bad) - the cool thing is that with OPSTOP is that you actually takes control of the av behavior on your SecureClient machines I would not call it a pain Benny www.opswat.com
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Ray P. Sent: Wednesday, December 10, 2003 8:06 PM To: [EMAIL PROTECTED] Subject: Re: [FW-1] SecureClient Antivirus question I believe OPSWAT products require SecureClient. You're looking to make sure they have AV before they make external connections? Is this just for HTTP traffic or do you really need remote access spftware for what they are doing? If it's just normal browsing, invest in a proxy server and add anti-virus scanning to it. We're using Microsoft's ISA 2000 server as the proxy behind NG and it works fine. We have it tied to domain authentication so the end user has to be authenticated against the domain before they can get outbound access. We put Trend's Webprotect software on it for HTTP scanning. NG has a rule to drop all 80 & 443 traffic outbound that does not originate from the proxy server, a rather effective way of making sure the proxy is used. It will be a bit of a pain to make sure everyone is using it before you implement the NG rule, but it is mightily effective. Actually, with 1,500 employees and gigs of traffic each day, it goes off very infrequently, probably less than once a wek, which surprised me. It does grab "webmail" attachment viruses, so I know it's working. Ray >From: Brad Pinkston <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: [FW-1] SecureClient Antivirus question >Date: Wed, 10 Dec 2003 15:42:12 -0600 > >Has anyone had any experience using some type of Firewall-1 tie-in to >require internal users to have antivirus running to access through the >firewall? I know this is supported for external users through SecureClient >and McAfee 7.1. We cannot justify the costs for our student population >though, and licensing issues could be terrible considering students leaving >and enrolling at the end and beginning of every year. > >All I'm looking for is a product that will require the user to have >antivirus installed, possibly even check the .DAT version, before they can >access the internet from our internal Residence Hall network. That's >all...not asking to much, am I? Any thoughts? > >Brad Pinkston >Firewall/Network Administrator >Checkpoint CCSA >Centenary College of LA >(318) 869-5721 >[EMAIL PROTECTED] > > > >-------------------------------------------------------------------- >This email has been scanned for viruses by Centenary College of LA > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= _________________________________________________________________ Take advantage of our best MSN Dial-up offer of the year - six months @$9.95/month. Sign up now! http://join.msn.com/?page=dept/dialup ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
