Search This Blog

Monday, June 22, 2009

firewall-wizards Digest, Vol 38, Issue 11

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. VPN and XP Firewall GPO settings (Paul Hutchings)


----------------------------------------------------------------------

Message: 1
Date: Sat, 20 Jun 2009 18:30:49 +0100
From: Paul Hutchings <paul@spamcop.net>
Subject: [fw-wiz] VPN and XP Firewall GPO settings
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <DF4421BD-AB92-4055-A5D4-370E73D13981@spamcop.net>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed

Folks hoping for a little input here:

We have a Juniper SSL VPN that has Network Connect functionality. We
have our Group Policies configured so that when onsite XP firewall is
disabled, when offsite XP firewall is enabled.

It seems what's happening when people use the Network Connect
functionality of the VPN is that XP is detecting that it has
connectivity to the LAN and the domain controllers/DNS boxes and is
switching from the "Standard Profile" to the "Domain Profile" and
dropping the firewall, which is of course unacceptable (I accept it's
behaving by design so it's not really a criticism of Microsoft).

What do people do to work around this kind of issue? I guess a group
policy for laptops that enables the firewall even when on the domain
is one option, and I've opened a case with JTAC in case I'm missing
something on the SA config.

Thanks.


------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 38, Issue 11
************************************************

No comments: