3 Replies Latest reply on Dec 7, 2007 5:16 PM by McDuff

    HIPS 6.1 and Traffic Coming Through a Router

    McDuff
      Hello,

      I've configured the HIPS 6.1 firewall to allow 10.x.x.x addresses when the PC is connected to VPN, and then apply other firewall rules on all other traffic. However, I've noticed that because the PC connected to VPN is connected to the internet using a router, the activity log is showing the traffic as originating from the router's IP address (192.168.x.x), and not the 10. address, so some traffic is being blocked.

How do I get around this if we can't guarantee whether a user is using a router, and if so, which type they are using?
        • 1. RE: HIPS 6.1 and Traffic Coming Through a Router
          Trust the router. You should be able to create a rule where the source is 192.168.x.x on the local subnet.

          Are these home users?

Both 10.x and 192.168.x.x are RFC1918 space and are not Internet routable. The firewall does not know the difference, especially if you are performing NAT translation.

          The 10.x VPN connection rides on top of whatever network you have.
          • 2. RE: HIPS 6.1 and Traffic Coming Through a Router
            McDuff
            Perhaps I should clarify:

            The network we are connecting to, through VPN is our corp's 10. network. So, we want to make sure that the firewall only allows the 10. traffic, not anything else.

The problem with just trusting the home router's IP traffic (192.168.x.x) during a VPN connection is that not only will we be trusting the 10.x traffic (which I want), but we would also be trusting non-10.x traffic (which I don't want).
• 3. HIPS 7.0
              mdyer
The trusted rule definition has a LOT of improvements in HIPS 7.0. Basically you get to pick and choose from all of the IP info that you would get in an IPCONFIG /ALL, so you can set up things that say 'if the range is xxx and the gateway is yyy and the DHCP server is zzz'.
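To show why matching on more than the address range matters, here is an added example (not McAfee code and not from any of the posters) that evaluates trusted-network rules of the three kinds discussed in this thread against constructed adapter records shaped like `ipconfig /all` output: a range-only 10.x rule like the original HIPS 6.1 setup, a "trust the 192.168.x.x router" rule like reply 1, and a range-plus-gateway-plus-DHCP-server rule like the HIPS 7.0 definition mdyer describes. The adapter names, addresses, gateway and DHCP server values are all assumptions made up for the example.

```python
"""Evaluate trusted-network rules against adapter info (added example).

Adapter records and rule values are constructed to resemble what
`ipconfig /all` reports; they are not taken from any real host.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Adapter:
    """One adapter as shown by `ipconfig /all` (constructed sample data)."""
    name: str
    address: str            # IPv4 address assigned to this adapter
    gateway: Optional[str]  # default gateway, None if the adapter has none
    dhcp_server: Optional[str]


@dataclass(frozen=True)
class TrustedNetworkRule:
    """A trusted-network definition.

    `network` is the address range; `gateway` and `dhcp_server` are the
    extra conditions a HIPS 7.0-style definition can add. A condition left
    as None is not checked, which gives the range-only 6.1-style rule.
    """
    name: str
    network: str
    gateway: Optional[str] = None
    dhcp_server: Optional[str] = None

    def matches(self, adapter: Adapter) -> bool:
        net = ipaddress.ip_network(self.network, strict=False)
        if ipaddress.ip_address(adapter.address) not in net:
            return False
        if self.gateway is not None and adapter.gateway != self.gateway:
            return False
        if self.dhcp_server is not None and adapter.dhcp_server != self.dhcp_server:
            return False
        return True


def trusted_adapters(adapters: List[Adapter], rule: TrustedNetworkRule) -> List[str]:
    """Names of the adapters this rule would mark as trusted, in input order."""
    return [a.name for a in adapters if rule.matches(a)]


# Constructed adapters: the home LAN behind a NAT router, the corporate VPN
# adapter, and a hotel LAN that also happens to hand out 10.x addresses.
ADAPTERS = [
    Adapter("Home LAN", "192.168.1.50", "192.168.1.1", "192.168.1.1"),
    Adapter("Corp VPN", "10.20.30.40", "10.20.30.1", "10.0.0.5"),
    Adapter("Hotel LAN", "10.44.0.17", "10.44.0.1", "10.44.0.1"),
]

# Range-only rule, like the original poster's HIPS 6.1 configuration.
RANGE_ONLY = TrustedNetworkRule("corp-10-range", "10.0.0.0/8")

# "Trust the router" rule from reply 1: any 192.168.x.x network.
HOME_RANGE = TrustedNetworkRule("home-router", "192.168.0.0/16")

# Range plus gateway plus DHCP server, the HIPS 7.0 style mdyer describes.
# The gateway and DHCP server values are assumed for this example.
RANGE_GW_DHCP = TrustedNetworkRule("corp-vpn", "10.0.0.0/8",
                                   gateway="10.20.30.1", dhcp_server="10.0.0.5")


if __name__ == "__main__":
    for rule in (RANGE_ONLY, HOME_RANGE, RANGE_GW_DHCP):
        print(f"{rule.name:14s} trusts: {trusted_adapters(ADAPTERS, rule)}")
```

The range-only rule trusts both the VPN adapter and the hotel LAN, because any 10.x network satisfies it; the router rule trusts the whole home LAN, which is exactly the over-trust McDuff objects to in reply 2; only the rule that also pins the gateway and DHCP server singles out the corporate VPN adapter.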