VPN client restriction


We are considering implementing a VPN solution. But since some users are remote permanently, that means that installation of the VPN client will have to be done by themselves or some outsourced IT.

Is there a VPN solution out there that can make sure that either:

  1. the VPN client is installed on approved systems or
  2. the VPN client checks to see if certain software, e.g. antivirus, is on a system before allowing installation.

My main reason for this is that I do not want users to install the software on their home computers and use these for VPN access since we do not know how secure they are. Let me know if more information is needed.

Thanks for any response.



This will never work. You have to trust the people who are installing your security related software.

Good idea, because a VPN, which connects to confidential systems, may only consist of well-known hard- and software.

Yours, VB.

Volker Birk

Your approach is wrong. If your VPN appliance does not allow you to restrict traffic to specific ports, then you've got the wrong appliance.

Remote users can VPN into the firewall, be limited to remote desktop or Citrix ports (RD=3389) and then limited to not mapping drives, COM, printers, and connect to a Terminal Server or Citrix server. If you use this method you don't have to worry about what they have on their machines - at this time there is no malware that will push through 3389.

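The port restriction described in the post above, expressed as an audit over a firewall policy. This is an added example, not part of the original thread; the addresses, the rule format and the function names are constructed assumptions, and it checks only the network rule, not the drive, COM and printer redirection settings.

```python
import ipaddress

# Constructed values (assumptions): VPN client pool and the terminal server.
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")
TERMINAL_SERVER = ipaddress.ip_network("10.0.5.10/32")
RDP_PORT = 3389

# Constructed sample policy in a hypothetical rule format.
RULES = [
    {"src": "10.99.0.0/24", "dst": "10.0.5.10/32", "proto": "tcp",
     "ports": (3389, 3389), "action": "allow"},
    {"src": "10.99.0.0/24", "dst": "10.0.0.0/16", "proto": "tcp",
     "ports": (445, 445), "action": "allow"},   # file shares: too broad
    {"src": "10.99.0.0/24", "dst": "0.0.0.0/0", "proto": "any",
     "ports": (0, 65535), "action": "deny"},
]


def has_default_deny(rules, pool=VPN_POOL):
    """True if some rule denies all traffic from the whole VPN pool."""
    return any(
        r["action"] == "deny" and r["proto"] == "any"
        and pool.subnet_of(ipaddress.ip_network(r["src"]))
        and ipaddress.ip_network(r["dst"]).prefixlen == 0
        for r in rules
    )


def audit(rules, pool=VPN_POOL, server=TERMINAL_SERVER, port=RDP_PORT):
    """Return (rule_index, problem) for every allow rule that gives VPN
    clients more than TCP/3389 to the terminal server. Rule order is
    ignored, so a shadowed rule is still reported (conservative)."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "allow":
            continue
        if not ipaddress.ip_network(r["src"]).overlaps(pool):
            continue  # rule does not apply to VPN clients
        dst = ipaddress.ip_network(r["dst"])
        if not dst.subnet_of(server):
            findings.append((i, f"destination {dst} is wider than {server}"))
        if r["proto"] != "tcp" or r["ports"] != (port, port):
            findings.append((i, f"{r['proto']} ports {r['ports']} is not tcp/{port} only"))
    if not has_default_deny(rules, pool):
        findings.append((None, "no catch-all deny for the VPN pool"))
    return findings
```

Run against the sample policy, the file-share rule is reported twice: once for its destination range and once for its port.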

I just picked up one of these for home and it's kinda cool...

I'm still playing with it but hey, it's only $370 at Buy.com. It allows 25 simultaneous connections and is quite configurable without toooo much technical know-how. The users just go to a website and the client gets pushed down to their PC. Also, Lethos has a good idea, restrict to port 3389 for an RDP connection or whatever. Either way, this box can be set up so the users see as little or as much as you want them to see.

