firewall bypassing problem

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Don't let your users have admministrative access on their workstations. If
they can't change their IP address, then they'll be on the subnet you want
them on, using the default gateway you want them to use, putting all traffic
through the ISA firewall.

--
Mike Shepperd
MCSE NT4, 2000, 2003
NewFuture Consulting
Seattle, Washington


"anwar adil" <anwaradil@gmail.com> wrote in message
news:eZnk5PshFHA.1044@tk2msftngp13.phx.gbl...
> the senerio i hav made is this
>
> 192.168.10.x
> 192.168.0.x
> -----internet ------------[nat device]-------------------[isa
> server]-------------------
> public ip private ip
> LAN users
>
>
>
> the problem i am having is this .... as all my users r located on
> 192.168.0.x network and isa is the default gateway for them.....bt some of
> the users put 192.168.10.X ip address on there computer with
> 192.168.10.2(gateway for 10.x)network .so tht they r now on 10.x network
> which results in bypass isa server firewall.
>
> pls tell me is there anyway i can stop this.
>
>
> ANWAR ADIL
>
> CCNA , MCP
>
>
>

Archived from groups: microsoft.public.win2000.active_directory (More info?)

If the user is the admin on the local machine, there's not a lot you can do,
unless you can modify the actual gateways so that all traffic goes through
the ISA server... The diagram you put up earlier, didn't come through
clearly so I'm not sure why the 10.x network gateway is accessible to the
users, if it shouldn't be, maybe you can use a VLAN or physically separate
the networks... Sounds like you've got smart users who have not only the
power to set whatever they want on their machines, but also the curiosity to
find their way around any simple road blocks... That may be the bigger
issue.

--
Mike Shepperd
MCSE NT4, 2000, 2003
NewFuture Consulting
Seattle, Washington


"anwar adil" <anwaradil@gmail.com> wrote in message
newspFGME2hFHA.3256@TK2MSFTNGP12.phx.gbl...
> thank u mike for ur reply.. bt in my case i have to give admin. rights to
> my
> users... is there anyother way i can control this problem?
>
>
> "Mike Shepperd" <mikesmobile_|_gmail> wrote in message
> news:fNCdnVYoY8Vbf07fRVn-vg@comcast.com...
>> Don't let your users have admministrative access on their workstations.
> If
>> they can't change their IP address, then they'll be on the subnet you
>> want
>> them on, using the default gateway you want them to use, putting all
> traffic
>> through the ISA firewall.
>>
>> --
>> Mike Shepperd
>> MCSE NT4, 2000, 2003
>> NewFuture Consulting
>> Seattle, Washington
>>
>>
>> "anwar adil" <anwaradil@gmail.com> wrote in message
>> news:eZnk5PshFHA.1044@tk2msftngp13.phx.gbl...
>> > the senerio i hav made is this
>> >
>> > 192.168.10.x
>> > 192.168.0.x
>> > -----internet ------------[nat device]-------------------[isa
>> > server]-------------------
>> > public ip private ip
>> > LAN users
>> >
>> >
>> >
>> > the problem i am having is this .... as all my users r located on
>> > 192.168.0.x network and isa is the default gateway for them.....bt some
> of
>> > the users put 192.168.10.X ip address on there computer with
>> > 192.168.10.2(gateway for 10.x)network .so tht they r now on 10.x
>> > network
>> > which results in bypass isa server firewall.
>> >
>> > pls tell me is there anyway i can stop this.
>> >
>> >
>> > ANWAR ADIL
>> >
>> > CCNA , MCP
>> >
>> >
>> >
>>
>>
>
>