- #F5 vpn client windows firewall how to
- #F5 vpn client windows firewall manual
- #F5 vpn client windows firewall professional
#F5 vpn client windows firewall how to
With that, in the event the client-side check fails we will redirect the user to the Microsoft support page on how to enable this service rather than an immediate deny. Next, we will add our Firewall checks which will include validating Windows Firewall is enabled. Select Save and the antivirus item will be added to your VPE.
Note: If you notice in the screenshot above, administrators also have the option of continuously checking for compliance of this requirement.
#F5 vpn client windows firewall manual
The last portion, if you so choose to define will be the DB version which requires manual entry.For state select enabled from the drop down.Select the product id from the drop down as I have done in the screenshot below.from the drop down.Īs you can see the vendor list contains many more antivirus vendors than your typical major products so no need to worry if you are using something like Avast or AVG, we have you covered! Next, we will define the Vendor ID which we will select McAfee, Inc.Within the platform field we will select Win for this use case.Once you have selected Add Item > Antivirus > Add Item, you will be presented with a second pop up which will allow you to define the Antivirus requirements for a workstation to connect.
#F5 vpn client windows firewall professional
We will start with AV to validate the workstation or mobile device is running McAfee VirusScan Professional Version 9, it is enabled and has the latest dat file identified as 8624. While we can see from the endpoint security tab you can configure antivirus and firewall checks, can it really be so granular that it will allow me to identify Windows firewall and McAfee AV? Only one way to find out, so let's get to it. In further discussions with the IA team, they require at a minimum Windows firewall be enabled and the organizations approved antivirus program installed and up to date. You then identify the Endpoint Security (Client-Side) tab and boom, this is exactly what you need! From the VPE you built to enable remote access solution, you follow your workflow and select add item after the user has successfully authenticated using directory services. No way, F5 provides endpoint security? Let's check it out.
OK, cool there's an article from F5.com discussing my exact use case. Others who have deployed F5 as a VPN solution have to have used a third-party solution, right? So we start with my personal favorite search method "NAC site:f5.com." Go out and find a NAC solution and by the way, there's no money!"Īt this point let's be honest, you only know what you know so you decide to go to your handy dandy search engine to identify a NAC solution. Now that you have saved your organization a ton of money by using the existing F5 BIG-IP in your data center as a VPN solution rather than investing in a yet another security appliance, leadership thinking you're a hero, your local IA shop steps in and says, "we still need a security device to apply network access controls prior to allowing access. I wanted to take this and go a bit further by adding additional security to this solution by requiring certain end point settings, services or even updates be deployed prior to allowing access to internal resources.
In a previous article we discussed how to configure the BIG-IP as an SSL VPN solution which can be found here.