
Preventing crosstalk from wired to wireless

Hi

We have a wireless public Internet and a wired internal LAN at our office. How can I use HIPS v.8.0 to isolate these two networks, or can I prevent the computers from connecting to both at the same time?

//Mårten

Message was edited by: marten_med_e on 2/4/11 3:47:17 AM CST

Message was edited by: marten_med_e on 2/4/11 4:13:50 AM CST
3 Replies

Re: Preventing crosstalk from wired to wireless

Think I have to clarify it some. I know there are software and VBS scripts out there that do that, and I can disable bridging with GPO, but I wonder if there is any setting/rule in HIPS to do it?


Re: Preventing crosstalk from wired to wireless

Marten,

I think one option within HIPS is to use "Connection Isolation". Within your firewall rules you can create a Connection Aware Group (CAG) for both your wireless and your LAN, then select the isolation option. Connection isolation should block all other network connections except the one that fits that CAG.

McAfee Employee ktankink

Preventing crosstalk from wired to wireless

how can I use HIPS v.8.0 to isolate these two networks, or

can I prevent the computers from connecting to both at the same time?

 Connection isolation should block all other network connections except the one that fits that CAG.

To clarify the Connection Isolation feature:

1. Connection Isolation does not always prevent network adapters from getting IP addresses (as the McAfee Agent Communication rule group, which is added in memory automatically, allows DHCP traffic). So the network adapters will still show as having an IP address and being connected to the network, but depending on your ruleset and CAG configuration, network traffic can be blocked for all non-matching network adapters.

2. Any firewall rules above a CAG that performs Connection Isolation will still apply to all network adapters. Example: VPN rules should be above CAGs because you always want VPN tunnels to be established on any network adapter that the user is using, whether it be a wired or wireless connection. But once the user is connected to VPN, you can then perform Connection Isolation to block traffic on non-matching adapters, but still allow the VPN tunnel to pass through even on a non-matching adapter (leaving the VPN tunnel established; otherwise the VPN tunnel would be destroyed).

For more details about CAGs:

PD20747 - Host Intrusion Prevention Firewall Connection-Aware Groups
