Minimum Ports open in a personal firewall

I use Sygate at my firm, and use auto-location switching. When users are inside the network (and on the domain), they have just about everything open (with IDS still active). When they are outside of the network, they are running the default protection.

I would really like to lock down the external profile. My original plan was to block ALL Incoming ports, and block all Outgoing ports except 20, 21, 80, 443, and 10000 (for VPN). I think this would give them HTTP and FTP access regardless of what network they are on, and when they use the VPN to connect to our internal network, any other ports that our software uses (like Outlook = 25) would be encapsulated in the VPN tunnel without issue.

My concern now is about properly getting a DHCP assigned address, and using DNS to resolve Internet sites. Basically the fundamental stuff for getting on a network.

Rick
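The plan described in the post, checked against the flows a roaming laptop needs, as an added example that is not part of the original post or of Sygate. It assumes a plain port allowlist with no protocol helpers, treats the listed ports as open for both TCP and UDP (the post names no protocol), and uses constructed sample flows; the `Flow`/`Policy` names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    name: str
    direction: str  # "out" = first packet sent by the laptop, "in" = by a remote host
    proto: str      # "tcp" or "udp"
    dport: int      # destination port of the first packet

# Constructed sample flows (not captured traffic).
FLOWS = [
    Flow("DHCP discover/request", "out", "udp", 67),
    # A DHCP reply can arrive as a broadcast, which a host firewall may not
    # match to the outbound request, so it is modelled as its own inbound flow.
    Flow("DHCP offer/ack", "in", "udp", 68),
    Flow("DNS query (UDP)", "out", "udp", 53),
    Flow("DNS query (TCP)", "out", "tcp", 53),
    Flow("HTTP", "out", "tcp", 80),
    Flow("HTTPS", "out", "tcp", 443),
    Flow("FTP control", "out", "tcp", 21),
    # Passive-mode data goes to a server-chosen high port; 50000 is constructed.
    Flow("FTP passive data", "out", "tcp", 50000),
    Flow("VPN", "out", "udp", 10000),  # protocol is an assumption
    Flow("unsolicited inbound SMB", "in", "tcp", 445),
]

def ports(nums, protos=("tcp", "udp")):
    return frozenset((p, n) for p in protos for n in nums)

@dataclass(frozen=True)
class Policy:
    out_allow: frozenset             # (proto, port) pairs allowed outbound
    in_allow: frozenset = frozenset()  # default: block all inbound

    def permits(self, f):
        rules = self.out_allow if f.direction == "out" else self.in_allow
        return (f.proto, f.dport) in rules

# The allowlist exactly as written in the post.
PLANNED = Policy(out_allow=ports([20, 21, 80, 443, 10000]))
# Same list plus DNS (53) and DHCP (client 68, server 67).
ADJUSTED = Policy(out_allow=PLANNED.out_allow | ports([53]) | ports([67], ("udp",)),
                  in_allow=ports([68], ("udp",)))

def blocked(policy, flows=FLOWS):
    return [f.name for f in flows if not policy.permits(f)]

if __name__ == "__main__":
    for label, pol in (("planned", PLANNED), ("adjusted", ADJUSTED)):
        print(label, "blocks:", blocked(pol))
```

Passive-mode FTP data stays blocked under both rule sets, because the data port is chosen by the server and cannot be listed ahead of time.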


Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.