Firewall Wizards mailing list archives

Re: VPN and XP Firewall GPO settings


From: Victor Williams <bwilliam13 () windstream net>
Date: Mon, 22 Jun 2009 11:01:00 -0500

We have our GPOs set to have the firewall on, with the only exception being that TCP ports 139 and 445 can be accessed by 
our domain controllers.  Would a setup like this not work?

All of our VPN clients work with the Microsoft XP firewall turned on without issue.  We use the Cisco IPSec client as 
well as the AnyConnect VPN client.  No issues with either.

The XP firewall by default allows any outgoing traffic, and no incoming unless you so specify.  I'm not sure why it 
would be blocking your outgoing VPN traffic originating from your workstations.  If it is, you should be able to make 
an exception related to the actual VPN executable allowing it outgoing access, and leave the firewall on all the time, 
regardless of what network it's connected to.


---- Paul Hutchings <paul () spamcop net> wrote: 
Folks hoping for a little input here:

We have a Juniper SSL VPN that has Network Connect functionality.  We  
have our Group Policies configured so that when onsite XP firewall is  
disabled, when offsite XP firewall is enabled.

It seems what's happening when people use the Network Connect  
functionality of the VPN is that XP is detecting that it has  
connectivity to the LAN and the domain controllers/DNS boxes and is  
switching from the "Standard Profile" to the "Domain Profile" and  
dropping the firewall, which is of course unacceptable (I accept it's  
behaving by design so it's not really a criticism of Microsoft).

What do people do to work around this kind of issue?  I guess a group  
policy for laptops that enables the firewall even when on the domain  
is one option, and I've opened a case with JTAC in case I'm missing  
something on the SA config.

Thanks.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
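
The setup described in the reply above (firewall always on, TCP 139 and 445 reachable only from the domain controllers), written as local `netsh firewall` commands for Windows XP SP2 or later. This is an added example, not part of the original thread; the domain controller addresses are constructed placeholders from a documentation range.

```batch
@echo off
rem Added example (constructed), not from the original thread.
rem DCS is a placeholder list of domain controller addresses; replace it
rem with the real addresses for your domain.
set DCS=192.0.2.10,192.0.2.11

rem Keep the firewall enabled in BOTH profiles. With this in place, a switch
rem from the Standard profile to the Domain profile (for example once a VPN
rem tunnel makes the domain controllers reachable) no longer turns it off.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Allow inbound TCP 139 and 445 only from the domain controllers, and only
rem while the Domain profile is active. The Standard profile gets no openings.
netsh firewall add portopening protocol=TCP port=139 name="NetBIOS session (DCs only)" mode=ENABLE scope=CUSTOM addresses=%DCS% profile=DOMAIN
netsh firewall add portopening protocol=TCP port=445 name="SMB (DCs only)" mode=ENABLE scope=CUSTOM addresses=%DCS% profile=DOMAIN

rem Verify: operational mode per profile, then the configured port openings.
netsh firewall show opmode
netsh firewall show portopening
```

Where Windows Firewall Group Policy settings are applied they take precedence over these local settings, so on domain-managed laptops the same values belong in the Domain Profile and Standard Profile policy nodes instead.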