Re: Firewall turns off when connecting to VPN




I don't know the SonicWall client. You may have to talk to them. Is that an SSL client or an IPSec client?
Anthony,
http://www.airdesk.com



"bnick22" <bnick22@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:2BAAA5C3-0C7E-41CC-8A01-327B7F1C62D9@xxxxxxxxxxxxxxxx
Just when the user connects using the SonicWall Global VPN Client.

"Anthony [MVP]" wrote:

They don't have to be given an address in the same subnet. You can put them
in a different subnet. Then they are not on the same network as the DC. You
could also try assigning a non-domain suffix.
Is this VPN created at computer startup, or just when the user logs on and
connects?
Anthony
http://www.airdesk.com



"bnick22" <bnick22@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:195A9E7C-7894-49B1-88AF-156D2489179F@xxxxxxxxxxxxxxxx
> Anthony,
>
> Yes, VPN clients end up on the same subnet as the "regular" clients inside
> the network. So they are, in fact, on the managed network. The issue is that
> the Windows firewall seems to lack per-connection management via GPO. I can
> either firewall ALL network connections, or firewall NO network connections.
> And as long as one network adapter is on the managed network, Windows applies
> the domain profile.
>
> -BNick22
>
> "Anthony [MVP]" wrote:
>
>> Is your VPN using addresses on the same subnet as the regular domain
>> network? (So that the PC is, in effect, on the domain network)
>> Anthony
>> http://www.airdesk.com
>>
>>
>> "bnick22" <bnick22@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:BF0E058E-043D-419B-AB6A-6C7620A852CE@xxxxxxxxxxxxxxxx
>> > I have a firewall GPO that defines both a domain profile and a standard
>> > profile. Until I take the time to properly configure the domain profile, it's
>> > currently set to disable the firewall. The standard profile, of course,
>> > enables the firewall. This initially works fine for my mobile users: when
>> > they're on the domain network, the firewall is disabled; when they're on a
>> > public network, it's enabled.
>> >
>> > But because of how network determination works
>> > (http://technet.microsoft.com/en-us/library/bb878049.aspx), as soon as the
>> > client connects to the VPN, Windows thinks the computer is back on a managed
>> > network, and therefore uses the domain profile settings, disabling the
>> > firewall for all connections--even their public Wi-Fi connection. Even after
>> > disconnecting from the VPN--and even after ipconfig release/renew--the
>> > firewall remains off for all connections.
>> >
>> > (It should be noted that we're using split tunneling to allow their regular
>> > web browsing to use the public network, and only domain-specific traffic uses
>> > the VPN connection.)
>> >
>> > Is there a way to control this on a more granular level? I'd like the VPN
>> > connection to use my domain profile all the time, but when the LAN or Wi-Fi
>> > connections are on a public network, I want to use the standard profile.
>>
>>
