cancel
Showing results for 
Search instead for 
Did you mean: 
agcorreia
Level 7

Blocking skype business to use VPN cisco anyconnect

Hi Gurus,

Is it possible to block Skype or Lync to use VPN thru cisco anyconnect? I would like to force the app go outside of the vpn like a split tunnel.

All traffic today goes thru the VPN when user is connected including skype, if somehow the traffic is blocked for an internal IP resolved it will try the public ones.

Is that possible to do on McAfee agent thru ePO?

Thanks in advance.

Russo

0 Kudos
4 Replies
catdaddy
Level 20

Re: Blocking skype business to use VPN cisco anyconnect

Successfully moved from Personal Firewall to ePolicy Orchestrator (ePO)  > Discussions

For better exposure ad assistance.

Cliff
McAfee Volunteer
0 Kudos
tao
Level 13

Re: Blocking skype business to use VPN cisco anyconnect

"....Skype or Lync to use VPN thru cisco anyconnect..."  take a look at the Cisco ASA configuration; there may be some ACLs that your could deploy to block or reroute the traffic.

The McAfee Agent is the client‑side component providing a secure communication channel from McAfee managed point‑products (VSE, ENS so on) back to an ePolicy Orchestrator server. Consider the Agent as the Taxi cab for McAfee information from the managed system back to the ePO server.  So, it wouldn't necessarily have the ability to stop or allow traffic/application - that function would rest on the actual managed point-products (VSE, ENS, so on) on the managed system.

tkinkead
Level 12

Re: Blocking skype business to use VPN cisco anyconnect

The right place to do this is absolutely on your AnyConnect configuration.  You can apply ACLs or routes to connected clients to prevent them from connecting to your Skype/Lync servers over the VPN connection. 

You absolutely cannot do this with the McAfee Agent.  The only McAfee application you might be able to use to make this work is HIPS, due to its firewall functionality. But I can't imagine that it would be easier or less complex to do it in HIPS than to do it in your AnyConnect configuration.

agcorreia
Level 7

Re: Blocking skype business to use VPN cisco anyconnect

Thanks for the info. I know that I should use HIPS and that is the matter, I think the easier way should be to block internal IP resolution on network firewall or as was said on AnyConnect itself.

0 Kudos