Put the wireless router on the PSN network leg and set up filters to allow access as needed. That may help eliminate the issues.

You can also set up a Win server with global policy to clear that NIC setting and relocate a DHCP server... This provides much better security and helps to keep you from getting hacked!

I strongly recommend doing away with wireless in the business environment. Road warriors are everywhere and they are far more sophisticated now. By putting a wireless gateway on your backbone, you totally defeat the purpose of having that firewall. I have seen wireless in several arenas (US and abroad) get cracked, and usually when that happens the entire net is opened like a can of tuna.

For me the question is - Is the security of my job worth the risk of making a handful of users happy? The answer is NO. I really suggest you put it in writing that you are opposed to this solution and that you are concerned that the company IP (Intellectual Property) is being placed in jeopardy of theft because of the security risk this poses.

If they must have it, then perhaps you can implement it on the PSN and then require them to VPN into the net for backbone access.

Just a thought.

Danny

-----Original Message-----
From: Dan Swartzendruber [mailto:[EMAIL PROTECTED]
Sent: Monday, June 27, 2005 10:35 AM
To: Roger Cornelius; Cox, Danny H.
Cc: [email protected]
Subject: Re: [gb-users] odd GB-Ware problem

At 01:30 PM 6/27/2005, Roger Cornelius wrote:
>On 06/24/2005 07:51, Cox, Danny H. wrote:
> > Do you have your wireless router on the same subnet as your copper LAN?
> >
> > Danny
>
>Yes, the wireless access points (we have several) are on the same subnet
>as everything else. I've also now determined that the problematic users
>both have Verizon DSL at home, and the Verizon modem/routers' DHCP is
>giving them the same IP as we use for the firewall. When they walk in
>the building, wham.
>
>So is there a way to lock down the IP address of the firewall so it
>can't be hijacked like this?

maybe a RAF to block inbound packets from the gb's own IP? doesn't really solve your problem, since those laptops can still respond to ARP requests from hosts on your network, and interfere with connectivity anyway...

------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/
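
The ARP behaviour described in the thread can be watched for passively. The following is an added example, not part of the original messages: it parses raw Ethernet/ARP frames and reports any MAC other than the firewall's that announces the firewall's IP as its own. The firewall address, the MAC addresses and the sample frames are constructed assumptions.

```python
import socket
import struct

FIREWALL_IP = "192.168.1.1"          # assumed firewall address (constructed)
FIREWALL_MAC = "00:0d:48:aa:bb:cc"   # assumed firewall NIC MAC (constructed)

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = socket.inet_ntoa(frame[28:32])
    return op, mac, ip

def find_conflicts(frames, protected_ip=FIREWALL_IP, legit_mac=FIREWALL_MAC):
    """MACs other than the firewall's that appear as ARP sender for the firewall's IP."""
    seen = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, mac, ip = parsed   # requests and replies both update neighbours' ARP caches
        if ip == protected_ip and mac != legit_mac.lower() and mac not in seen:
            seen.append(mac)
    return seen

def build_arp(op, sender_mac, sender_ip, target_ip):
    """Build a sample broadcast ARP frame for the demo (constructed, not captured)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + smac + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + smac + socket.inet_aton(sender_ip)
    return eth + arp + b"\x00" * 6 + socket.inet_aton(target_ip)

SAMPLE_FRAMES = [  # constructed traffic
    build_arp(2, FIREWALL_MAC, FIREWALL_IP, "192.168.1.50"),         # genuine firewall reply
    build_arp(1, "00:16:6f:11:22:33", "192.168.1.50", FIREWALL_IP),  # normal client request
    build_arp(2, "00:13:ce:44:55:66", FIREWALL_IP, "192.168.1.50"),  # laptop keeping a home address
    build_arp(1, "00:13:ce:44:55:66", FIREWALL_IP, FIREWALL_IP),     # same laptop, gratuitous ARP
]

if __name__ == "__main__":
    for mac in find_conflicts(SAMPLE_FRAMES):
        print(f"ALERT: {mac} is claiming firewall address {FIREWALL_IP}")
```

A reported MAC can then be traced to its access point or switch port so the conflicting machine can be found.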
