Member "Mkimonos" writes: I am working on a project in which we have deployed a Personal Firewall product on laptop users. The Personal Firewall allows us to define a server-based access profile or FW rules for each type of connection and IP range, i.e. Ethernet, WLAN etc.
The issue is, this personal FW activates BOTH connection profiles when users connect to 2 types of connections at the same instant, bridging the networks.
The target is, that laptops are ONLY allowed the default type of connection while connected to the Enterprise LAN but can utilize WLAN when away from the office. Just not at the same time!
1. Does anybody know of software that can perform this, please?
2. If not, can somebody please recommend a personal FW product that can prioritize connection profiles and policies, and lock down connections if needed?
Member Bmarone writes: In my experience with the NT-based OS's, the networks do not get "bridged" unless IP filtering/forwarding/routing is enabled, which is not the default. If the firewall product itself is bridging the networks, there should be a setting to disable it.
If the issue is connection speed, the wireless adapter gets a lower priority metric, usually 20, than the hard-wired connection, usually 1. So if you have both adapters on 192.168.1.x and connected from boot, the traffic should favor the copper. In the event a user connects the copper after bootup, they need only disconnect from the AP or possibly just close the apps that have started on the wireless route so they relearn. Of course, some users may find it easier to just reboot after plugging in copper.
Member "larrythethird" writes: The problem I see with both cards being active is that the firewall usually only grabs one of the cards. The second card is free to inject the network with whatever the user picked up in his travels.
I have been looking for something like this ever since we installed our first single access point. Laptop users go home, or on the road, come back to the office and plug in the copper while the wireless is still active. I have never liked the idea of an unattended wireless card searching for the "first available network" like an executive has their laptop set up for his or her home wireless network.
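The policy asked for in this thread (wired on the office LAN means wireless off) can be checked and enforced on current Windows with the built-in NetAdapter cmdlets. The script below is an added example, not something posted by any member above; the `-CorpPrefixes` and `-Enforce` parameters and the `Test-OnCorpLan` helper are hypothetical names, and the office LAN is assumed to be identifiable by its IPv4 prefix.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Reports wireless adapters left active while
# a wired adapter is on the office LAN and, with -Enforce, disables them.
param(
    # Assumption: office LAN identified by IPv4 string prefix. 192.168.1. is the
    # range used in the thread; replace with your own. An address match alone
    # does not prove the laptop is in the office (home networks reuse ranges).
    [string[]]$CorpPrefixes = @('192.168.1.'),
    [switch]$Enforce
)

function Test-OnCorpLan {
    param($Adapter, [string[]]$Prefixes)
    $ips = Get-NetIPAddress -InterfaceIndex $Adapter.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue
    foreach ($ip in $ips) {
        foreach ($p in $Prefixes) {
            if ($ip.IPAddress.StartsWith($p)) { return $true }
        }
    }
    return $false
}

$physical = @(Get-NetAdapter -Physical)
$wiredUp  = @($physical | Where-Object { $_.PhysicalMediaType -eq '802.3' -and $_.Status -eq 'Up' })
$wireless = @($physical | Where-Object { $_.PhysicalMediaType -match '802\.11|Wireless' })
$onCorp   = @($wiredUp | Where-Object { Test-OnCorpLan $_ $CorpPrefixes }).Count -gt 0

# Show the route preference discussed above: the lower InterfaceMetric wins.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $physical.ifIndex -contains $_.ifIndex } |
    Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceMetric, ConnectionState -AutoSize

foreach ($w in $wireless) {
    if ($onCorp -and $w.Status -ne 'Disabled') {
        Write-Warning "Wireless adapter '$($w.Name)' is $($w.Status) while a wired adapter is on the office LAN."
        if ($Enforce) { Disable-NetAdapter -Name $w.Name -Confirm:$false }
    }
    elseif (-not $onCorp -and $Enforce -and $w.Status -eq 'Disabled') {
        # Assumption: any disabled wireless adapter was disabled by this policy.
        Enable-NetAdapter -Name $w.Name -Confirm:$false
    }
}
```

Without `-Enforce` the script only reports, which is useful for auditing a fleet before changing anything. It has to run again whenever the network state changes (for example from a scheduled task), since it evaluates the adapters only at the moment it is run.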