|
1. How do I create custom Group Policy Templates for distribution to users?
In order to create custom Group Policy templates other than the standard templates provided with your FirePass appliance you will need to use the GPAnywhere for VPN Console. The GPAnywhere for VPN Console allows you to create custom templates for distribution through FirePass.
2. What is the GPAnywhere for VPN Console?
The GPAnywhere for VPN Console is a Group Policy Management Console add-on that allows you to create a GPAnywhere template from an existing Group Policy Object.
3. How do I obtain the GPAnywhere for VPN Console?
The console can be purchased directly from FullArmor Corporation. Inquiries and purchases can be made by calling (617) 457 8100 or by emailing to sales@fullarmor.com.
4. Will custom templates work with my existing FirePass appliance?
Yes, custom templates created with GPAnywhere are compatible with all FirePass models (1000, 1200, 4100, and 4300). Custom templates can be assigned to groups or users and distributed accordingly.
5. Is there additional software needed to create custom templates in the GPAnywhere for VPN Console?
Yes, the console requires Group Policy Management Console, a free management tool from Microsoft, in order to create custom templates from existing Group Policy Objects. The custom templates also require security certificates to be distributed to clients receiving custom GPO templates.
6. How will I sign the custom Group Policy templates I create?
The procedure for signing a custom built template is contained within the GPAnywhere for VPN Console User’s Guide. Please refer to the appropriate section for information on certificates and signing templates.
7. Will FirePass distribute the certificates need for custom Group Policy templates?
No, currently FirePass does not have the ability to deploy the certificates need for custom Group Policy templates to function properly. Certificates must be deployed through a third party method such as Microsoft SMS, for example.
8. How can I edit the default templates supplied with FirePass’ Group Policy add-on?
Once a GPO is converted into an executable template by GPAnywhere it cannot be converted back into a Group Policy Object. Editing of settings occurs within GPEdit then GPAnywhere converts the GPO into a template. GPAnywhere for VPN Console does come with GPO backups for the default templates. These backups can be restored and used as a starting point for the creation of custom templates based upon a default template.
9. Where can I download more default templates?
In the future both FullArmor anf F5 will create and publish additional default templates. These new templates will be based largely on client feedback and security need.
10. Will the GPAnywhere for VPN Console support creating custom templates for all GPO settings?
No, GPAnywhere does not support certain settings contained with a GPO. For example, software distribution settings are not support in GPAnywhere templates. Additionally here are settings that are not recommended for distribution to FirePass VPN users. Any setting that requires a restart of the machine, ‘tattoos’ the registry, or needs the user to logoff and login in order to take effect. Please refer to the GPAnywhere manual for more detailed information on settings supported.
11. Will the GPAnywhere for VPN Console support GPO settings for Windows 2000, Windows XP, and Windows Vista?
Yes, GPAnywhere supports application of Group Policy settings to Windows 2000, XP, and Vista computers.
12. How do I deploy custom templates created with the GPAnywhere for VPN Console?
Custom templates created with GPAnywhere can be uploaded through the FirePass administrator’s console. Use the Windows Group Policy section contained within Endpoint Inspectors under Endpoint Security for Users. Once custom templates are uploaded they will need to be inserted into the appropriate Pre-Logon sequence for the targeted user or group. Please refer to your FirePass manual for instructions on creating Pre-Logon sequences.
|
