December 16th, 2002, 08:20 PM
#11
Originally posted here by DjM
Thanks iNViCTuS, I have been told that (now I know I am going to screw this up), VPN-1 has a "dual" tunnel feature with a 'firewall' between them. With this feature, a user could be out surfing the net through one tunnel and VPN'ed into our network with the other tunnel. The 'firewall' prevents anything from the internet tunnel from getting to the VPN tunnel.
1) Is this true?
2) Have you tested it?
Cheers:
I have tried it, and yes it does work very well. I would recommend not using it with the SecuRemote client for security reasons, however. If you know you have a need for split tunneling, you should take a look at a SecureClient policy server which allows you to centrally manage full firewall policies on the remote VPN user's machine. So for example, you could allow a user to only use http while connected to the VPN, and once the VPN tunnel is terminated, you could allow anything. Or, if you really wanted, you could manage a restrictive policy whether the user is connected to the VPN or not. Send me an email if you would like more information about this or any other Checkpoint product.
Originally posted here by mmelby
I also like the fact that we can "brand" and preconfigure the Cisco VPN client. It makes installation and support much easier.
You can also do this with the SecureClient packaging tool for Checkpoint. In fact, it is much easier to use and much more flexible than Cisco's tool.