Re: XP Firewall Quandry



Many thanks Steve, thats pretty much confirmed what I thought, my only
concern with this approach is enabling a subnet exception when there is the
possibility that users connecting to another network connect using a similar
addressing scheme. We wish to enable network connections on external private
LANs/WiFi and these are likely to use the same non-internet routable
addresses 10.x etc.,

"Steven L Umbach" wrote:

I have seen this request a number of times and have not seen a good
resolution that is easily deployable. I suggest that you also cross post in
the Microsoft wireless and networking newsgroups of which there are two good
ones - sever.networking and windowsxp.network_web. One solution would be to
enable the Windows Firewall in both domain and standard policy. Then if
needed you could select the option to allow exceptions from specific admin
computers such as those that run rsop against the domain computers or use
Computer Management to access and manage. That would leave the domain
computers still functional while protecting the wireless network adapters
from the internet. Enabling the Windows Firewall does not prevent domain
computers/users from logging onto the domain and to access domain
sources. --- Steve



"Remy" <Remy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DEED63BF-30EF-4A2E-9911-3430AC1D8F67@xxxxxxxxxxxxxxxx
Hopefully someone here will know the answer to this, I have searched the
web
in vain.

I would like to deploy XP firewall to our clients and use for Wireless
connections. I have created a Domain and Standard policy and distrubuted
via
GP.

The domain policy disables the firewall, the Standard enables it. I
understand that when a DC is located the domain policy is applied and when
it
isn't the standard is applied.

Now, here's the problem. If someone connects to a wireless network AND LAN
simultaneously the domain policy is applied to both interfaces - not good.
This effectively provides a free tunnel from an insecure network into our
private one.

It doesn't matter the order in which the network connections are made.

I need to find a way to either apply the domain and standard policies to
separate connections or to disable the Wireless interface if a LAN is
detected, any help would be appreciated. Regardless of the argument on the
merits of the XP Firewall, this is an XP Firewall killer if there isn't a
solution.

regards,
Remy



.