Well I think what's being suggested is this ICA client. Now I'm not sure
if that means NFuse, but it does require a software install. I've had some
other responses that haven't been posted to the list mentioning that for
full use of the Remote Citrix setups, other software must be installed to
take advantage of what Citrix Secure Gateway has to offer. From that
point, the Citrix admin designates which applications the users get. But
if one goes down the road of still having to install client software (ICA
client) either dynamically or statically, you might as well load the
Checkpoint client that allows for more granular control (personal firewall
policies, SCV, etc). Both can use strong authentication.
I'm curious, what's your take?
access-list
<[EMAIL PROTECTED]> To:
[email protected]
Sent by: Mailing list for cc:
discussion of Firewall-1 Subject: Re: [FW-1]
Citrix clientless VPN vs. SecureClient
<[EMAIL PROTECTED]
.US.CHECKPOINT.COM>
03/10/2005 09:19 AM
Please respond to Mailing
list for discussion of
Firewall-1
When you say "citrix clientless VPN" do you mean the citrix "nfuse"
product. I am quite familiar with that beast.
[EMAIL PROTECTED] wrote:
> Thanks guys.
>
> I was able to go through that PDF at the CP site. It compared it's own
> products to itself (VPN pro, Connectra, & SSL Network Extender) and
> highlighted it's own shortcomings (on the SSL site). Also noted that
each
> has it's own strengths depending on the need and the environment.
> The whitepaper suggested that most SSL VPN's are limited to backend
servers
> that provide their services with HTTP(S). Example, an internal Exchange
> box running OWA, or a Domino server also providing HTTP access to
> mailboxes. Maybe an internal corporate web server, or a web-based
> reporting server. These are the same things I remembered about
> browser-based SSL VPN's. But with this Citrix stuff, it appears that an
> Active-X dynamic plug-in can be loaded and then present a desktop-type
> environment. Where an internal server makes the backend connections (to
> the Exchange server, the Domino server, the SSH client to configure
> routers, the custom application to another internal server, etc). The
> Citrix desktop profile provides the real email client, the applications
the
> user needs. This Citrix server makes the backend connections and simply
> sends a display back to the client. Honestly, it looks to be impressive
> technology compared to what I remember about browser-based SSL VPN's.
>
> So, as comments go, it still looks like a both type setting. I'm still
> hoping someone who has implemented either both or moved to just one will
> chime in on this thread.
>
> But thanks for the input so far!
>
> Regards,
>
> Kevin
>
>
>
>
> Gary Scott
> <[EMAIL PROTECTED]> To:
[email protected]
> Sent by: Mailing list for cc:
> discussion of Firewall-1 Subject: Re:
[FW-1] Citrix clientless VPN vs. SecureClient
> <[EMAIL PROTECTED]
> .US.CHECKPOINT.COM>
>
>
> 03/08/2005 02:19 PM
> Please respond to Mailing
> list for discussion of
> Firewall-1
>
>
>
>
>
>
> CP has a great doc for the pros/cons for using ipsec verses ssl. You may
> have to register to view.
>
> http://www.checkpoint.com/promoforms/ww/2x/connectra2xww04_ty.html
>
> -GS
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Previtera, Sal
> Sent: Tuesday, March 08, 2005 1:33 PM
> To: [email protected]
> Subject: Re: [FW-1] Citrix clientless VPN vs. SecureClient
>
> Checkpoint has also clientless VPN....it is called SSL Network Extender.
> It uses HTTPS to download an Activex program on the PC and create a VPN
> tunnel. May want to check it out.
> Regards,
> Sal.
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, March 08, 2005 10:52 AM
> To: [email protected]
> Subject: [FW-1] Citrix clientless VPN vs. SecureClient
>
> Just curious if folks have run into this before. I have my own pros &
> cons
> that I've come up with and I think it could end up with a Both scenario
> as
> there are benefits to both technologies. But what I'd like to hear is
> from
> people who have had to either choose between the two, or can give a
> little
> example of problems (or limitations) associated with either of the
> technologies. Personal opinions are free game also!
>
> Regards,
>
> Kevin
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
