Re: XP Firewall Quandry



Many thanks Steve, thats pretty much confirmed what I thought, my only
concern with this approach is enabling a subnet exception when there is the
possibility that users connecting to another network connect using a similar
addressing scheme. We wish to enable network connections on external private
LANs/WiFi and these are likely to use the same non-internet routable
addresses 10.x etc.,

"Steven L Umbach" wrote:

I have seen this request a number of times and have not seen a good
resolution that is easily deployable. I suggest that you also cross post in
the Microsoft wireless and networking newsgroups of which there are two good
ones - sever.networking and windowsxp.network_web. One solution would be to
enable the Windows Firewall in both domain and standard policy. Then if
needed you could select the option to allow exceptions from specific admin
computers such as those that run rsop against the domain computers or use
Computer Management to access and manage. That would leave the domain
computers still functional while protecting the wireless network adapters
from the internet. Enabling the Windows Firewall does not prevent domain
computers/users from logging onto the domain and to access domain
sources. --- Steve



"Remy" <Remy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DEED63BF-30EF-4A2E-9911-3430AC1D8F67@xxxxxxxxxxxxxxxx
Hopefully someone here will know the answer to this, I have searched the
web
in vain.

I would like to deploy XP firewall to our clients and use for Wireless
connections. I have created a Domain and Standard policy and distrubuted
via
GP.

The domain policy disables the firewall, the Standard enables it. I
understand that when a DC is located the domain policy is applied and when
it
isn't the standard is applied.

Now, here's the problem. If someone connects to a wireless network AND LAN
simultaneously the domain policy is applied to both interfaces - not good.
This effectively provides a free tunnel from an insecure network into our
private one.

It doesn't matter the order in which the network connections are made.

I need to find a way to either apply the domain and standard policies to
separate connections or to disable the Wireless interface if a LAN is
detected, any help would be appreciated. Regardless of the argument on the
merits of the XP Firewall, this is an XP Firewall killer if there isn't a
solution.

regards,
Remy



.



Relevant Pages

  • Re: Simple Printer Sharing/Networking Question
    ... And all 3 desktop computers are running Windows XP Pro ... We have turned on sharing for the network printers (in association with this ... caused by 1) a misconfigured firewall or overlooked firewall (including ...
    (microsoft.public.windowsxp.network_web)
  • Re: Networks : Workgroups and Domains. How Do I Use Them?
    ... in My Network Places, it may take some time for a network resource to show up. ... all of the computers must be on the same subnet. ... it depends on whether you have Simple File Sharing enabled or disabled. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall or overlooked firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Sharing a printer
    ... Here are general network troubleshooting steps. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall or overlooked firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ... On the assumption that you in fact do have a router that connects to the Internet and that your computers then connect to the router, then if you think that you have one IP for multiple computers then you probably are using a website tool such as http://whatismyip.com/ That shows the your public IP address -- the one that the rest of the world sees. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Home Network with Vista & XP
    ... The 3 computers are: 1 laptop running XP Pro, 1 laptop running Vista Home Premium, and 1 desktop running XP Home. ... the vista laptop can see all terminals on the work group but the xp terminals cannot see the vista terminal in the network. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall or overlooked firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Networks : Workgroups and Domains. How Do I Use Them?
    ... I think the problem is from my lack of understanding whether these machines are together as a workgroup or domain. ... If I want to configure solely for a workgroup network, then I would think I do not need to provide a domain name, and vice versa for a domain network. ... It's not clear whether any of your computers is running Windows 2000 *Server.* If not, you don't have a "domain" and shouldn't be using domain names. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall or overlooked firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ...
    (microsoft.public.windowsxp.network_web)