cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 11

Blocking Wifi when on LAN

Jump to solution

Hi all,

I'm fairly new to McAfee EPS so hopefully someone might help me out or point me in the right direction.

We have EPS and we need to somehow block Wifi connections when a notebook is also connected to the LAN network.

Is this doable and if yes is there some guide I can follow to acheive this?

Thank you in advance and best regards.

1 Solution

Accepted Solutions
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 11

Re: Blocking Wifi when on LAN

Jump to solution

You should use connection aware groups configured in HIPS, there is desctipion in product guide for HIPS.

Thread should be moved to HIPS section, as this would be right product. EPS is a bunch of products - suit, not a product itself. ePO is central management product for HIPS functionlaity.

View solution in original post

10 Replies
Highlighted

Re: Blocking Wifi when on LAN

Jump to solution

What McAfee product is this (SIEM, ePO..?) so I can redirect this thread?

Highlighted
Level 7
Report Inappropriate Content
Message 3 of 11

Re: Blocking Wifi when on LAN

Jump to solution

Hi,

The product is McAfee Endpoint Protection Suite. It has ePolicy Orchestartor 5.0.1.

Regards.

Highlighted

Re: Blocking Wifi when on LAN

Jump to solution

OK, thanks.  Moved to ePO.

Highlighted
Level 16
Report Inappropriate Content
Message 5 of 11

Re: Blocking Wifi when on LAN

Jump to solution

Hi morph, I think this could be done with Device Control. You can check an example on how to block a wireless device here (page 20):

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24504/en_US/...

Highlighted
Level 7
Report Inappropriate Content
Message 6 of 11

Re: Blocking Wifi when on LAN

Jump to solution

Hi Laszlo,

from what I understand this would permanently disable the wireless card.

What we need is to be able to use the wireless card but if there is LAN connection to the corporate network to disable the wifi card/traffic.

Basicly we need to prevent someone being connected to the LAN network and at the same time connected to some unprotected wifi outside of our network.

Regards.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 11

Re: Blocking Wifi when on LAN

Jump to solution

You should use connection aware groups configured in HIPS, there is desctipion in product guide for HIPS.

Thread should be moved to HIPS section, as this would be right product. EPS is a bunch of products - suit, not a product itself. ePO is central management product for HIPS functionlaity.

View solution in original post

Highlighted

Re: Blocking Wifi when on LAN

Jump to solution

correct. could use some connection aware groups config'd with connection isolation enabled.

Highlighted
Level 16
Report Inappropriate Content
Message 9 of 11

Re: Blocking Wifi when on LAN

Jump to solution

morph escribió:

Hi Laszlo,

from what I understand this would permanently disable the wireless card.

What we need is to be able to use the wireless card but if there is LAN connection to the corporate network to disable the wifi card/traffic.

Basicly we need to prevent someone being connected to the LAN network and at the same time connected to some unprotected wifi outside of our network.

Regards.

Well in fact (if I'm right) there's a different way to handle this. You can set a policy to disable wireless card when being online (i.e. when being on ePO's network) but enabled when being offline (when outside your corporate LAN)

El mensaje fue editado por: ulyses31 on 18/07/14 15:00:03 CEST
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 10 of 11

Re: Blocking Wifi when on LAN

Jump to solution

HIPS does not have functionality to actually set a network adatper to DISABLED state.  In order to block WIFI on LAN networks, you would use Location Aware Groups and Connection Isolation (e.g, when the LAG matches/isolates the LAN adapter only, WIFI and all other adapters will automatically be blocked; basically moves the BLOCK ALL TRAFFIC rule to the LAG for all non-matching adapters).  Any rules above the LAG can still apply to WIFI adapters, if applicable.

Also, DHCP (and DNS) traffic is always allowed, so if the WIFI adapter is ENABLED by the OS, it will ALWAYS be allowed to get an IP address, but network traffic to/from that adapter may or may not be allowed depending on your configuration.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community