Firewall Advice "Black ICe 3.6"


klos81

IS-IT--Management
May 30, 2003
I have a Win2K server which is the one that controls the Internet connection and is the domain controller; it is online 24/7. I have Black Ice 3.6 running as a firewall and I couldn't complain until a user with a mobile PC came along. Every time the user tries to connect the PC to the network, the firewall doesn't allow it to get the DHCP info, so I have to go and stop the BlackIce engine and then reboot the laptop. Once the laptop reboots and gets the info from DHCP and DNS, I start the Black Ice engine again, so my "BOSS" says that is not the way it is supposed to be.
What if I'm not in the office? That user won't be able to gain access to the network.

I need a recommendation about what to do...
Get a physical firewall, or get a different firewall "software"?

Thanks in advance
Klos
 
Is this user connecting from inside or outside your firewall?

If from outside, then blocking DHCP is the correct behavior from the firewall.

If it's from inside, then you should be able to modify your firewall rules to allow communication with the server.

As a general rule, though, it is always better to have a dedicated firewall. Giving a firewall something to do besides protecting the network is not a good idea.

Want the best answers? Ask the best questions: TANSTAAFL!
 
Yeah, it is from the outside.
 
Blocking DHCP from the outside is the correct behavior of the firewall. The outside world has no need to contact your DHCP server.

If you have mobile users outside your network who need to use resources in your network, you probably need to look at some kind of mobile user VPN solution. Lots of companies' products support this.

Want the best answers? Ask the best questions: TANSTAAFL!
 
The thing is that the user doesn't belong to my domain; it is just somebody who comes into the office twice a week and needs access to the Internet.
 
OK, the problem was that I needed to open two ports so the DHCP and DNS would work: port UDP 67 and port UDP 68.

Thanks for the help
klos
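
As an added illustration (not part of the thread, and not BlackICE's rule syntax): a small Python model of why a host firewall that trusts only LAN source addresses drops a new laptop's DHCPDISCOVER, which is broadcast from 0.0.0.0 port 68 to port 67, and how one narrowly scoped rule passes it without opening those ports to other sources. The rule format, the 192.168.1.0/24 LAN range and the sample packets are assumptions constructed for the example.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER: 236-byte BOOTP header, magic cookie, option 53."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                      b"", b"", b"", b"", mac, b"", b"")
    return hdr + DHCP_MAGIC + bytes([53, 1, 1, 255])

def dhcp_message_type(payload: bytes):
    """Return the DHCP message type name from option 53, or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                             # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            return None                             # truncated option value
        if code == 53 and length == 1:
            return MSG_TYPES.get(value[0], f"type-{value[0]}")
        i += 2 + length
    return None

def inbound_verdict(rules, pkt):
    """First matching allow rule wins; anything unmatched is dropped (default deny)."""
    kind = dhcp_message_type(pkt["payload"]) if pkt["dport"] == 67 else None
    src = ipaddress.ip_address(pkt["src"])
    for src_net, sport, dport in rules:             # hypothetical rule format, UDP only
        if (src in ipaddress.ip_network(src_net)
                and sport in (None, pkt["sport"]) and dport in (None, pkt["dport"])):
            return ("allow", kind)
    return ("drop", kind)

# Assumed rule sets: trust only the LAN range, then add one scoped DHCP rule.
TRUST_LAN_ONLY = [("192.168.1.0/24", None, None)]
WITH_DHCP_RULE = TRUST_LAN_ONLY + [("0.0.0.0/32", 68, 67)]
# Constructed sample packets (UDP source address, ports and payload).
SAMPLE_PAYLOAD = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)
NEW_LAPTOP = {"src": "0.0.0.0", "sport": 68, "dport": 67, "payload": SAMPLE_PAYLOAD}
OUTSIDE_HOST = {"src": "203.0.113.9", "sport": 68, "dport": 67, "payload": SAMPLE_PAYLOAD}
```

The model covers inbound traffic only; the server's reply from port 67 to the client's port 68 needs a matching outbound allowance.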
 