Yesterday F5 announced the latest release of FirePass and I was going to write an entry here to cover it...occurring now.  The problem is that I was trying to write something different than what's in my 'Get to Know GPO' whitepaper located here but it always came out sounding 'like' the paper but not as good.  :-)  So, in order to get the word out, the way I originally wrote it, I'd like to cite myself both to promote FirePass and my paper.

"With the explosive growth of road warriors, telecommuters, temporary workers, and mobile users, it is virtually impossible for organizations to ensure that endpoint devices remain secure and compliant. Even devices that initially are fully compliant may become non-compliant when settings are inadvertently changed or when new corporate policies are implemented. IT administrators must be able to enforce consistent, current policy settings on endpoints whether they are connected or disconnected from the enterprise’s Active Directory domain.


Flexibility and simplicity are vital for enterprises struggling to manage and secure the numerous access policies of their mobile workforce. Policies cannot be applied with a “one size fits all” approach. Some organizations divide users into location or connection type categories like corporate office, home office, wireless, mobile, kiosk, and so forth. It really comes down to a determination of whether the device is trusted—such as a corporate laptop—or whether it is an untrusted device—like a home computer. The potential risks of these devices are different so they must be treated as such. Traditionally, Group Policies for remote clients have been dependent on centralized Active Directory (AD) domain controller services and have been limited to the network domain boundaries defined by AD security and administration. This means a device had to be both part of and connected to the domain for a policy to be enforced, since it must be pushed to the device. Active Directory and Group Policy go hand in hand. However, there are limitations that are outside this influence, such as remote and non-AD endpoints that need policy enforcement and remediation when they connect to an organization’s intranet. Endpoint lockdown and security is a continuously moving target. Most major legislation requires security auditing for any device that connects to the infrastructure. Financial institutions are also imposing more strict auditing legislation and verification for end-to-end financial transactions."


The release of FirePass 6.0.3 now includes Group Policy Objects as part of its endpoint host check arsenal. It is now possible to provide endpoint security checking and session-based policy enforcement to any endpoint client connecting to FirePass—whether they are part of an AD domain or not. This new feature benefits customers by:
  • Extending Group Policy enforcement without the domain access limitations of Microsoft Active Directory (AD).
  • Enhancing endpoint security to mobile workers and non-trusted devices.
  • Ensuring simple and quick implementation, with ready-to-use policy templates.
  • Preventing breaches with secure endpoint protection.
  • Maintaining complete compliance as standards change.
  • Providing active enforcement with centralized management to prevent policy decay.

If you do decide to download the paper, I promise there's a lot more and only these two paragraphs were lifted.
http://www.f5.com/pdf/white-papers/get-to-know-gpo-wp.pdf