Best Practice - I.V.E. -Network Connect - Allow users to Internet?

JWCHealthCare_
Not applicable

After being blacklisted with Spamhaus on more than one occasion and working through a root cause analysis, I've managed to lock things down even better than they were in much of our security equipment. What I'm looking to do now is find the Best Practice and proof in documentation as to whether we should allow users to access the Internet through our gateway while connected to us.

Most users connect using Network Connect.  If they forget to disconnect from us before continuing their browsing, their Internet traffic effectively uses us as their gateway.  This has proven to be bad on more than one occasion.

Is it advisable to block I.V.E. users from the Internet while connected to us?  Can you please point me to the supporting documentation?

Thank you!

2 REPLIES
jayLaiz_
Super Contributor

Re: Best Practice - I.V.E. -Network Connect - Allow users to Internet?

Hi,

There is no best practices document for the same.

If you are concerned about security and want users to access only the internet websites you want them to access during the VPN session, disabling split tunneling is recommended.

From the internal interface of the IVE, you can filter the internet websites that the users are allowed to access using the content filtering feature on the firewall; this will ensure that users do not visit any malicious websites while connected to the VPN.

Yes, so it is advisable to block users from accessing malicious websites while connected to the VPN, but not to block it completely.

Also, Host check policies need to be enforced so that users have the appropriate AV installed on their PC, the PC is scanned, the AV has updated DAT files, etc.

If users are allowed to access the internet via their ISP while connected to the VPN, they can access any website they want, and hence disabling split tunneling is considered more secure than enabling split tunneling.

Thanks,

Jay

zanyterp_
Respected Contributor

Re: Best Practice - I.V.E. -Network Connect - Allow users to Internet?

The choice is all yours. It sounds like you have split tunneling disabled and an ACL of *:* which would enforce any traffic filters you have on your network. You can modify your ACL if you want to set only specific devices/services.
Unfortunately the best practice is site-by-site, role-by-role for policies you want to use or not use. Sorry :(
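
An added example, not part of the original thread and not code from the IVE product: a small check that tells from a client's routing table whether Internet-bound traffic leaves through the VPN (split tunneling disabled) or through the user's own ISP (split tunneling enabled). The routing tables, interface names (`eth0`, `vpn0`) and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample routing tables: (destination, gateway, interface, metric).
# Interface names and all addresses are assumptions made up for this example.
FULL_TUNNEL = [
    ("0.0.0.0/0", "192.168.1.1", "eth0", 100),    # home ISP default route
    ("0.0.0.0/0", "10.200.0.1", "vpn0", 1),       # VPN default route, preferred
    ("203.0.113.5/32", "192.168.1.1", "eth0", 1), # host route to the VPN gateway
    ("192.168.1.0/24", "on-link", "eth0", 100),
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "192.168.1.1", "eth0", 100),    # Internet stays on the ISP
    ("10.0.0.0/8", "10.200.0.1", "vpn0", 1),      # only internal ranges use the VPN
    ("192.168.1.0/24", "on-link", "eth0", 100),
]

def egress_interface(routes, dest):
    """Pick the route a host would use: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for net, _gateway, iface, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            candidates.append((network.prefixlen, -metric, iface))
    if not candidates:
        return None
    return max(candidates)[2]

def tunnel_mode(routes, vpn_iface="vpn0",
                probes=("198.51.100.10", "203.0.113.25")):
    """Return 'full' if every Internet probe leaves via the VPN interface,
    'split' if none do, and 'mixed' otherwise."""
    via_vpn = [egress_interface(routes, p) == vpn_iface for p in probes]
    if all(via_vpn):
        return "full"
    if not any(via_vpn):
        return "split"
    return "mixed"

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, "->", tunnel_mode(table))
```

In the full-tunnel table only the host route to the VPN gateway itself and the local subnet stay on the ISP interface, so any content filtering on the corporate firewall applies to the rest of the user's browsing.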