If you are using the VPN-1 SecureClient Policy Server, you can do this. According to the documentation found at http://www.checkpoint.com/products/secureclienttour/managers_perspective.htm l, what you need to do is establish a policy of "Allow Encrypted Only" for your desktop security. When a client connects to your corporate network, the FW-1/VPN-1 will verify that the client has the correct configuration, which in this case means "Allow Encrypted Only" or more simply, no split tunnelling. If the client is not in that configuration, the VPN tunnel is not established. What I cannot answer for certain, is what would happen if a client establishes a tunnel and then attempts to change the configuration. My guess is that to do so, they would have to end their current connection. Thus when they re-connected, the same check would occur and the tunnel would fail. However, I do not have the needed hardware or software on hand to test if that is indeed true or not.
Dig deeper on Security Resources
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.