04-18-2011 07:11 PM
I'm a bit new to the screening aspect of the 5GT.
Is there a need to put any screen protection on any zones, except the Untrust zone?
We have VPN tunnels too and I am just wondering if I should put screen protection on the VPN zone as well.
04-18-2011 07:52 PM
I typically don't see Screen used for zones other than Untrust and DMZ. However, if you're using custom zones (i.e. VPN) to terminate customer VPNs, then you may want to consider it as an added layer of protection. I would use caution though when making changes. I would tweak a little at a time and test.
04-18-2011 07:55 PM
Thanks for that. It's because we currently have screen used for Untrust, V1-Untrust and VPN.
Just wondering, would turning off the screen for VPN speed up our VPN link, without the extra layer of screening?
We use IPSec VPNs, so not sure if the added protection is required, or not.
04-18-2011 08:02 PM
I don't think you would notice a change in performance. However, if you don't require the added security I would disable it. Just one more thing to troubleshoot in the event of an issue.