I've configured the HIPS 6.1 firewall to allow 10.x.x.x addresses when the PC is connected to VPN, and then apply other firewall rules on all other traffic. However, I've noticed that because the PC connected to VPN is connected to the internet using a router, the activity log is showing the traffic as originating from the router's IP address (192.168.x.x), and not the 10. address, so some traffic is being blocked.
How do I get around this if we can't guarantee if a user is using a router, and if so, which type they are using?
The network we are connecting to through VPN is our corp's 10. network. So, we want to make sure that the firewall only allows the 10. traffic, not anything else.
The problem with just trusting the home router's IP traffic (192....) during a VPN connection is that not only will we be trusting the 10. traffic (which I want) but we would also be trusting non 10. traffic (which I don't want).
The trusted rule definition has a LOT of improvements in HIPS 7.0. Basically you get to pick and choose from all of the IP info that you would get in an IPCONFIG /ALL. So you can set up things that say 'if the range is xxx and the gateway is yyy and the DHCP server is zzz'.
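The combined condition described in the reply above, sketched as an added example (not HIPS code and not from the original thread): every criterion must match on the same adapter, so a home LAN that happens to use 10.x addresses is still not trusted. The sample `ipconfig /all` text, the adapter names, the policy values and the function names are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (illustrative values only).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Corp VPN:

   IPv4 Address. . . . . . . . . . . : 10.20.30.40(Preferred)
   Default Gateway . . . . . . . . . : 10.20.0.1
   DHCP Server . . . . . . . . . . . : 10.20.0.5
"""

# Hypothetical trusted-network definition: range AND gateway AND DHCP server.
POLICY = {"range": "10.0.0.0/8", "gateway": "10.20.0.1", "dhcp_server": "10.20.0.5"}

def parse_adapters(text):
    """Return {adapter name: {field: value}} from ipconfig-style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None:
            m = re.match(r"\s+(.+?)[ .]*:\s*(\S+)", line)
            if m:  # drop suffixes such as "(Preferred)"
                current[m.group(1)] = m.group(2).split("(")[0]
    return adapters

def is_trusted(adapter, policy):
    """All criteria must hold for one adapter; a missing field fails closed."""
    try:
        ip = ipaddress.ip_address(adapter["IPv4 Address"])
    except (KeyError, ValueError):
        return False
    return (ip in ipaddress.ip_network(policy["range"])
            and adapter.get("Default Gateway") == policy["gateway"]
            and adapter.get("DHCP Server") == policy["dhcp_server"])

def trusted_adapters(text, policy=POLICY):
    return [n for n, a in parse_adapters(text).items() if is_trusted(a, policy)]

if __name__ == "__main__":
    print(trusted_adapters(SAMPLE))
```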