Multiple Connections – Management

Desktop management applications
Incident response
Intrusion management
Mobile security
Network security
Hello, I am working on a project where we have deployed a Personal Firewall product on laptop users. The Personal Firewall allows us to define a server-based access profile or FW rules for each type of connection and IP range, i.e. Ethernet, WLAN, etc.

The issue is that this personal FW activates BOTH connection profiles when users connect to 2 types of connections at the same instance, bridging the networks. The target is that laptops are ONLY allowed the default type of connection while connected to the Enterprise LAN but can utilise WLAN when away from the office. Just not at the same time!

Qs:
1. Does anybody know of software that can perform this, please?
2. If not, can somebody please recommend a personal FW product that can prioritise connection profiles and policies, and lock down connections if needed?

Thanks in advance.

Answer Wiki


McAfee has a product that does it.

Discuss This Question: 4  Replies

  • Poppaman2
    No answer (sorry...) just an observation: I have seen this issue with both Norton Personal Firewall and with Sygate Personal Firewall, and have no reason to think that either will "correct" the issue now that Symantec owns Sygate. I have little info on this issue for any other personal firewall... You might want to try setting up two different hardware profiles, one with the hard wire LAN card enabled and one with the wireless, but that's a really inconvenient way around the issue....
  • bmarone
    I have interest in this as we are about to do the same. But I'd like to know, what is your issue exactly? In my experience with the NT-based OS's, the networks do not get "bridged" unless IP filtering/forwarding/routing is enabled, which is not the default. If the firewall product itself is bridging the networks, there should be a setting to disable it. If the issue is connection speed, the wireless adapter gets a lower priority metric, usually 20, than the hard-wired connection, usually 1. So if you have both adapters on 192.168.1.x and connected from boot, the traffic should favor the copper. In the event a user connects the copper after bootup, they need only disconnect from the AP or possibly just close the apps that have started on the wireless route so they relearn. Of course, some users may find it easier to just reboot after plugging in copper.
  • Larrythethird
    The problem I see with both cards being active is that the firewall usually only grabs one of the cards. The second card is free to inject the network with whatever the user picked up in his travels. I have been looking for something like this ever since we installed our first single access point. Laptop users go home, or on the road, come back to the office and plug in the copper while the wireless is still active. I have never liked the idea of an unattended wireless card searching for the "first available network" like an executive has their laptop set up for his or her home wireless network.
  • DaJackel
    Well, there are a few questions we really need answered first. What type of domain are they logging into at work? What type of OS are we dealing with? And is wireless the 2nd connection type, or do you have users with 2 NICs or possibly a modem? Right off the bat I'd say either write a logon script to disable the 2nd connection type hardware or, if it's an AD domain, implement a group policy. You have many options, but to figure out what would be best in your particular situation we need to know a little more.
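
One way to implement the script approach suggested in the last reply, as an added example that is not part of the original thread: disable the wireless adapters whenever a wired adapter is up on the enterprise LAN, and re-enable them otherwise. It assumes Windows 8 / Server 2012 or later (the `NetAdapter` and `NetConnection` cmdlets), a domain-joined laptop, and that "on the enterprise LAN" can be taken to mean that Windows classifies the wired network as `DomainAuthenticated`.

```powershell
# Added example, not from the thread. Run elevated, e.g. from a scheduled task
# triggered at logon and on network-change events (assumption).

# Interfaces whose network Windows has authenticated against the AD domain.
# Get-NetConnectionProfile errors when nothing is connected, so silence that.
$domainIfIndexes = @(
    Get-NetConnectionProfile -ErrorAction SilentlyContinue |
        Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' } |
        Select-Object -ExpandProperty InterfaceIndex
)

# Physical adapters only, so VPN and virtual-switch adapters are left alone.
$physical = @(Get-NetAdapter -Physical)

# Wired (802.3) adapters that are up AND sit on the domain network.
# A cable plugged into a hotel or home network does not count.
$wiredOnLan = @($physical | Where-Object {
    $_.Status -eq 'Up' -and
    $_.PhysicalMediaType -eq '802.3' -and
    $domainIfIndexes -contains $_.ifIndex
})

$wireless = @($physical | Where-Object { $_.PhysicalMediaType -eq 'Native 802.11' })

if ($wiredOnLan.Count -gt 0) {
    # On the enterprise LAN over copper: take every wireless adapter down so
    # the laptop cannot sit on two networks at once.
    $wireless | Where-Object { $_.Status -ne 'Disabled' } | ForEach-Object {
        Disable-NetAdapter -Name $_.Name -Confirm:$false
        Write-Output "Disabled wireless adapter '$($_.Name)' (wired LAN active)"
    }
} else {
    # Away from the office (or cable unplugged): allow WLAN again.
    $wireless | Where-Object { $_.Status -eq 'Disabled' } | ForEach-Object {
        Enable-NetAdapter -Name $_.Name -Confirm:$false
        Write-Output "Re-enabled wireless adapter '$($_.Name)' (no wired LAN)"
    }
}
```

Because the script only runs when triggered, there is a short window between plugging in the cable and the wireless adapter going down; the personal firewall rules still need to cover that interval.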
