profile dependent firewall configuration

Guest
Archived from groups: comp.security.firewalls

Is there a good tool that configures the XP ICF on a portable computer
automatically depending on the network connection? I have some services
running on the computer that should be accessible in some networks but
not everywhere. Hardware profiles do not work for me (I do not want to
reboot each time I change the network...) Right now, it would be enough
for me if the tool would switch profiles based on the MAC address of
the connected ethernet switch or access point (well, for WLAN the
network name might be good as well...)

Gerald
 
Guest

"Gerald Vogt" <vogt@spamcop.net> wrote in news:MiMnc.231797$e17.175811
@twister.nyroc.rr.com:

> Is there a good tool that configures the XP ICF on a portable computer
> automatically depending on the network connection? I have some services
> running on the computer that should be accessible in some networks but
> not everywhere. Hardware profiles do not work for me (I do not want to
> reboot each time I change the network...) Right now, it would be enough
> for me if the tool would switch profiles based on the MAC address of
> the connected ethernet switch or access point (well, for WLAN the
> network name might be good as well...)
>

No, I don't think there is a tool that can do it.

However, you can use IPsec to possibly accomplish what you're looking to
do, by implementing a SecPol rule for each given situation.

There can be only one SecPol, with many rules within the SecPol, active on
the machine.

As an example, you can have one SecPol for home and activate it.

You can have a SecPol for NT-Domain1 with rules for it and activate it.

You can have a SecPol for NT-Domain2 with rules for it and activate it.

You can stop inbound or outbound by port, protocol, IP, subnet, DNS, etc.

If you were to activate IPsec on the machine now, you'll see three SecPols
that can be enabled on the machine -- only one of them can be active.

The AnalogX SecPol Template will give you a base to work from.

http://www.analogx.com/contents/articles/ipsec.htm
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

Duane :)
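
The selection step the thread discusses (identify the network by the MAC address of its gateway, then activate exactly one policy), sketched in Python as an added example that is not part of the original posts. The policy names, MAC addresses and the `arp -a` sample are constructed; assigning the chosen policy is left to whatever IPsec or firewall tooling is in use.

```python
import re

# Constructed sample of Windows `arp -a` output (not taken from the thread).
SAMPLE_ARP = """\
Interface: 192.168.1.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.40          00-aa-bb-cc-dd-ee     dynamic
"""

# Hypothetical mapping: gateway MAC -> name of the one policy to activate.
POLICY_BY_GATEWAY_MAC = {
    "00-11-22-33-44-55": "Home",
    "00-de-ad-be-ef-01": "NT-Domain1",
}
DEFAULT_POLICY = "Untrusted"  # hypothetical most restrictive policy

ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return {ip: mac} for every entry row in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def select_policy(arp_text, gateway_ip):
    """Choose the single policy to activate for the current network.

    A MAC address only identifies a network, it does not authenticate it:
    anyone on the segment can present the same address. So every doubtful
    case falls back to the most restrictive policy.
    """
    table = parse_arp(arp_text)
    mac = table.get(gateway_ip)
    if mac is None:                      # gateway not resolved yet
        return DEFAULT_POLICY
    if sum(1 for m in table.values() if m == mac) > 1:
        return DEFAULT_POLICY            # same MAC on two IPs: possible ARP spoofing
    return POLICY_BY_GATEWAY_MAC.get(mac, DEFAULT_POLICY)
```
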