Best practices for Firewall policy settings for remote clients
The following table describes scenarios and best-practice recommendations.
Remote location where users log on without a VPN
Remote location where users log on through a VPN
You need to make all of these changes if you want to avoid the possibility of split tunneling through the VPN.
Office locations where users log on through Ethernet or wireless connections
Use your default Firewall policy. For the wireless connection, ensure that the rule to allow wireless EAPOL is enabled. 802.1x uses the Extensible Authentication Protocol over LAN (EAPOL) for connection authentication.