profile dependent firewall configuration
Last response: in Networking
Archived from groups: comp.security.firewalls (More info?)
Is there a good tool that configures the XP ICF on a portable computer
automatically depending on the network connection. I have some services
runing on the computer that should be accessible in some networks but
not everywhere. Hardware profiles do not work for me (I do not want to
reboot each time I change the network...) Right now, it would be enough
for me if the tool would switch profiles based on the MAC address of
the connected ethernet switch or access point (well, for WLAN the
network name might be good as well...)
Gerald
Is there a good tool that configures the XP ICF on a portable computer
automatically depending on the network connection. I have some services
runing on the computer that should be accessible in some networks but
not everywhere. Hardware profiles do not work for me (I do not want to
reboot each time I change the network...) Right now, it would be enough
for me if the tool would switch profiles based on the MAC address of
the connected ethernet switch or access point (well, for WLAN the
network name might be good as well...)
Gerald
More about : profile dependent firewall configuration
Archived from groups: comp.security.firewalls (More info?)
"Gerald Vogt" <vogt@spamcop.net> wrote in news:MiMnc.231797$e17.175811
@twister.nyroc.rr.com:
> Is there a good tool that configures the XP ICF on a portable computer
> automatically depending on the network connection. I have some services
> runing on the computer that should be accessible in some networks but
> not everywhere. Hardware profiles do not work for me (I do not want to
> reboot each time I change the network...) Right now, it would be enough
> for me if the tool would switch profiles based on the MAC address of
> the connected ethernet switch or access point (well, for WLAN the
> network name might be good as well...)
>
No, I don't think there is tool that can do it.
However, you can use IPsec to possibly accomplish what you're looking to
do, by implementing a SecPol rule for each given situation.
There can be only one SecPol with many rules with in the SecPol active on
the machine.
As an example, you can have one SecPol for home and activate it.
You can have a SecPol for NT-Domain1 with rules for it and activate it.
You can have a SecPol for NT-Domain2 with rules for it and activate it.
You can stop inbound or outbound by port, protocol, IP, subnet, DNS, etc.
If you were to active IPsec on the machine now, you'll see three SecPol's
that can be enabled on the machine -- only one of them can be active.
The AnalogX SecPol Template will give you a base to work from.
http://www.analogx.com/contents/articles/ipsec.htm
http://www.petri.co.il/block_ping_traffic_with_ipsec.ht...
Duane![:)]( ":)")
"Gerald Vogt" <vogt@spamcop.net> wrote in news:MiMnc.231797$e17.175811
@twister.nyroc.rr.com:
> Is there a good tool that configures the XP ICF on a portable computer
> automatically depending on the network connection. I have some services
> runing on the computer that should be accessible in some networks but
> not everywhere. Hardware profiles do not work for me (I do not want to
> reboot each time I change the network...) Right now, it would be enough
> for me if the tool would switch profiles based on the MAC address of
> the connected ethernet switch or access point (well, for WLAN the
> network name might be good as well...)
>
No, I don't think there is tool that can do it.
However, you can use IPsec to possibly accomplish what you're looking to
do, by implementing a SecPol rule for each given situation.
There can be only one SecPol with many rules with in the SecPol active on
the machine.
As an example, you can have one SecPol for home and activate it.
You can have a SecPol for NT-Domain1 with rules for it and activate it.
You can have a SecPol for NT-Domain2 with rules for it and activate it.
You can stop inbound or outbound by port, protocol, IP, subnet, DNS, etc.
If you were to active IPsec on the machine now, you'll see three SecPol's
that can be enabled on the machine -- only one of them can be active.
The AnalogX SecPol Template will give you a base to work from.
http://www.analogx.com/contents/articles/ipsec.htm
http://www.petri.co.il/block_ping_traffic_with_ipsec.ht...
Duane
Related ressources:
- ForumWould a firewall prevent Sasser worm?
- ForumDedicated hardware profile for audio in XP?
- ForumWindows Firewall won't load
- ForumWhich Firewall ?
- ForumHelp configuring Windows 7 Firewall Outgoing Connections
- ForumWhich is the best firewall ?!
- ForumVpn in hardware firewall
- ForumPC Build Configuration Help
- ForumHelp a no nat configuration with firewalls?
- ForumUnplug/replug in router to connect
- ForumConfigurating the Firewall in both Linux and Xp!
- ForumTime to ditch Sygate firewall ?
- ForumFreeNAS trouble with firewall ?
- ForumWindows Firewall
- ForumWindows XP Msinfo32.exe Tool Fails with WXP Firewall
- ForumUnable to view firewall settings
- ForumGPO for Remote Desktop and Firewall Settings
- ForumHow to setup a 1GB Gigabyte Network
- ForumTiny Personal Firewall (5.5) configuration questions
- ForumFirewall Help - Setup and Maintenance
- More resources
Read discussions in other Networking categories
!
