RE: Windows firewall scopes for notebook users ex office...

From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 03/23/05

  • Next message: Murad Talukdar: "RE: Windows firewall scopes for notebook users ex office..." 
    Date: Tue, 22 Mar 2005 15:43:03 -0800
To: "Murad Talukdar" <talukdar_m@subway.com>, <focus-ms@securityfocus.com>

    "Scope" is determined in the context of the current IP settings.
    If the domain subnet is 10.9.8/24 and the home net is 123.123.123/24,
    then the Windows Firewall adjusts to that and deals with traffic
    according to basic subnetting rules.

    It really doesn't matter what the subnet is; if the scope is defined as
    "subnet", then all hosts in the current subnet are able to touch that
    protocol/port.

    Jim Harrison
    Security Business Unit (ISA SE)

    -----Original Message-----
    From: Murad Talukdar [mailto:talukdar_m@subway.com]
    Sent: Monday, March 21, 2005 11:33 PM
    To: focus-ms@securityfocus.com
    Subject: Windows firewall scopes for notebook users ex office...

    Hi List,
    When users with SP2 firewall enabled are out of the office, I understand
    there is a difference between the domain settings and non domain
    settings
    but how does the firewall 'recognise' the boundaries of the scope?

    What if scope is subnet and they simply connect to an identical
    subnet?(Not
    sure how likely that is) I think this would mean they are open on those
    ports that I have set exceptions for.

    Kind Regards
    Murad Talukdar

    ------------------------------------------------------------------------ 

    ---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: Murad Talukdar: "RE: Windows firewall scopes for notebook users ex office..."

    Relevant Pages

    • Re: Windows Firewall (WindowsXP SP2)
      ... I've got exactly the same problem with finding the Network settings. ... > for the domain for the Windows Firewall settings under [Computer ... Now we've brought another building online w/ a new subnet. ... opened the group policy - But now those options are nowhere to ...
      (microsoft.public.win2000.group_policy)
    • Re: Whats wrong with Windows 2k3 firewall? HELP ME PLEASE!
      ... You have to be careful with SCW as you found out. ... change the settings of an existing security configuration file but then save ... question - edit/change scope to make sure the scope is what you expect. ... SCW applies exactly what you configure for the Windows Firewall and if you ...
      (microsoft.public.windows.server.security)
    • RE: Increase DHCP numbers
      ... have two other options: superscoping or resubnetting. ... Simply changing the DHCP scope parameters does not give you more leases. ... DHCP runs on top of your network subnet architecture and can hand out ...
      (microsoft.public.win2000.general)
    • Re: Parent/Child domains
      ... Supervisors would be domain admins. ... subnet from the employees. ... configure one scope for the supervisors' subnet and ... (Or use two DHCP servers, ...
      (microsoft.public.windows.server.networking)
    • Re: 3 New Sites / New Company
      ... DHCP scopes to use per site. ... the question was do I need to only use the scope (subnet) for that site I ... DHCP Server and it has a correct Scope to "answer" the Query with. ...
      (microsoft.public.windows.server.active_directory)