Firewall policies can be required, in which the assigned policy mandates the existence of the assigned firewall vendor to establish a tunnel. Optional firewall policies enable clients to connect if the firewall is not detected; however, the concentrator sends a notification message to the client.
The VPN Concentrator supports three vendor firewall policies:
AYT AYT reaffirms a specific firewall client is still present and active on the connecting client's workstation. It achieves this by sending AYT messages every 30 seconds. If it does not detect the firewall client, it disconnects the tunnel. Zone Alarm/Pro, BlackICE, and Seagate support this feature.
CPP Enables you to define rules and filters to be pushed down to individuals in the group. ZoneAlarm/Pro and Cisco's CIC support this feature.
ZoneLabs Integrity Server Works in conjunction with the VPN Concentrator to ensure consistent policies and enforcement in the enterprise workplace.