cancel
Showing results for 
Search instead for 
Did you mean: 

NC and XP Firewall

hutchingsp_
Contributor

NC and XP Firewall

I'm deploying an SA2500. Only company laptops will be allowed access, and our GPO for Windows Firewall is that when machines are connected to the domain the Windows Firewall should be disabled. What this means can happen is that a laptop connects to the VPN from offsite, Host Checker checks that the Windows Firewall is present and enabled, and if the user starts Network Connect at some point I presume the laptop will try and do a gppdate and because it has connectivity to our domain controllers and has its IP settings from our DHCP server it will switch off the firewall. Of course we don't want this to happen - what's the preferred option for dealing with this please? Thanks in advance.
5 REPLIES 5
hutchingsp_
Contributor

Re: NC and XP Firewall

OK so it seems there are a few ways to mitigate this outside of changing our XP Firewall group policy:

Disable split tunnelling - not a firewall but seems to have the effect of making the client appear invisible to its local subnet?

Use Host Checker Connection Control - great, fantastic... needs admin rights!!!

Does anyone know if the Connection Control can be made to work without admin rights by tweaking priviledges using Group Policy?

Tica_
Occasional Contributor

Re: NC and XP Firewall

Hello,

Doesn't the Juniper Installer service solve the problem?

This is a small application that should be installed on the PC with admin rights. Afterwards Juniper signed component can use this application to gain admin rights

Kind Regards

Tim

hutchingsp_
Contributor

Re: NC and XP Firewall

Unfortunately no, it would seem it doesn't apply to this component.
gamer004_
Contributor

Re: NC and XP Firewall

Take a look at Microsoft's service called Network Location Awareness (NLA). Google will tell you all about it..... We have a customer who combines his GPO Firewall policies with Network Connect and windows XP firewall. When an enduser is at home using the NC the XP firewall is updated with help of NLA. I'm not the expert on this ( not microsoft guru) so check it out if this pushed you into the right direction... regards, Frank
hutchingsp_
Contributor

Re: NC and XP Firewall

I don't think it's that - NLA seems to detect that the machine is on a "foreign" network until Network Connect launches and gpupdate eventually runs/kicks in.