(1) What is the "Stateful" Firewall and what does it do?
The "stateful" firewall provides protection during a VPN session and protects the computer running the VPN client from Internet attacks while the VPN Client is connected to a VPN Concentrator.
When enabled, this feature blocks inbound sessions from all networks, regardless of whether a VPN connection is in effect. This means that if you have checked the "Stateful" Firewall (Always On) option, you have a firewall running on your machine AT ALL TIMES, whether or not the VPN Client is running.
The policy is "set," which means that you can't customize it at all. In addition, the firewall is controlled on the client side, so it protects both traffic regulated through the concentrator (UNC traffic) and traffic being sent out beyond the UNC network.
(2) If the "Stateful" Firewall allows no inbound sessions, how will this affect my connection?
Users won't be able to have a server running on their PC and their system will no longer respond to PING requests.
There are two exceptions to the rule that no inbound traffic is allowed.
(1) DHCP Traffic IS Allowed Inbound: The "stateful" firewall allows requests to the DHCP server to go out from one port and the responses to come back in through a different port.
(2) VPN Data IS Allowed Inbound: The "stateful" firewall allows VPN data traffic from the secure gateway.
"Stateful" Firewall (Always On) is the most basic VPN Client firewall and provides the highest level of security. However, it is also the least flexible, since it blocks almost ALL incoming traffic and does not allow outbound traffic to be limited.
Note: The Always On personal firewall allows inbound access from the internal (tunneled) network to ensure that your internal applications work properly, while still providing additional protection for nontunneled traffic.
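The inbound policy described in this section, as an added sketch that is not part of the original FAQ and not the VPN Client's own code: a simplified Python model of the allow/drop decision. The addresses, the 10.0.0.0/8 tunneled range, the "esp" label for VPN data and all class and function names are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "direction proto src sport dst dport")

HOST = "192.0.2.10"                              # constructed: the protected PC
GATEWAY = "198.51.100.1"                         # constructed: VPN concentrator
TUNNEL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed tunneled range


class AlwaysOnFirewall:
    """Toy model: outbound is unrestricted, inbound needs state or an exception."""

    def __init__(self):
        self.sessions = set()  # flows this host opened itself

    def check(self, p):
        if p.direction == "out":
            # Outbound traffic is not limited; record it so replies match.
            self.sessions.add((p.proto, p.dst, p.dport, p.sport))
            return "allow: outbound"
        if (p.proto, p.src, p.sport, p.dport) in self.sessions:
            return "allow: reply to existing session"
        # Exception 1: DHCP server (UDP 67) answering the client port (UDP 68).
        if p.proto == "udp" and p.sport == 67 and p.dport == 68:
            return "allow: DHCP response"
        # Exception 2: VPN data arriving from the secure gateway.
        if p.src == GATEWAY:
            return "allow: VPN data from gateway"
        # Note in the FAQ: the internal (tunneled) network may reach the host.
        if ipaddress.ip_address(p.src) in TUNNEL_NET:
            return "allow: tunneled internal network"
        return "drop: unsolicited inbound"


def demo():
    fw = AlwaysOnFirewall()
    traffic = [  # constructed sample packets
        Packet("out", "tcp", HOST, 50000, "203.0.113.5", 443),  # browse out
        Packet("in", "tcp", "203.0.113.5", 443, HOST, 50000),   # its reply
        Packet("in", "tcp", "203.0.113.9", 40000, HOST, 80),    # local server
        Packet("in", "icmp", "203.0.113.9", 0, HOST, 0),        # PING request
        Packet("in", "udp", "192.0.2.1", 67, HOST, 68),         # DHCP response
        Packet("in", "esp", GATEWAY, 0, HOST, 0),               # VPN data
        Packet("in", "tcp", "10.1.2.3", 51000, HOST, 445),      # tunneled peer
    ]
    return [fw.check(p) for p in traffic]


if __name__ == "__main__":
    print("\n".join(demo()))
```
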
(3) How do I enable or disable the "Stateful" Firewall?
To enable or disable the "stateful" firewall, use the following procedure:
Step 1: Click the Options menu and click "Stateful" Firewall (Always On). Alternatively, right-click the lock icon in the system tray and choose "Stateful" Firewall.
When the "stateful" firewall is enabled, a check mark appears in front of the option.
This feature is disabled by default.
Step 2: During a VPN connection, to view the status of this feature, right-click the yellow lock icon in the system tray at the bottom right-hand side of your desktop screen.
If you have any questions or concerns, please call 962-HELP or visit the other VPN FAQs [http://help.unc.edu/?id=2502].


