Endpoint Protection

 View Only

  • 1.  Block wireless traffic doesn't work RU7 MP1

    Posted Jan 04, 2012 04:23 AM

    I need setup blocking wireless when ethernet interface is active and disconnecting wireless when ethernet cable is plug-in. (Clients can not have two ip addresses at the same time.)

    I configured location awareness according to article:

    http://www.symantec.com/business/support/index?page=content&id=TECH104970&locale=en_US

    But clients still can connect to wireless and have two ip addresses. Clients also don't switch to wireless location because still connect to ethernet.

    Please help.


    SEP 11 RU7 MP1, testing on laptop DELL Latitiude E5410

    Regards
    Tom



  • 2.  RE: Block wireless traffic doesn't work RU7 MP1

    Posted Jan 04, 2012 04:35 AM

    If you set any other criteria does the locations switch ? What condition have you kept as default ?



  • 3.  RE: Block wireless traffic doesn't work RU7 MP1

    Posted Jan 04, 2012 05:12 AM

    I had setup two location:

    1. Default (setup as default)
    condition: Network Connection Type is Ethernet

    2. Wireless
    conditions: Network Connection Type is Wireless AND If the client computer does not use the network connection type specified below: Ethernet

    and add firewall rule blocking wireless to default location.



  • 4.  RE: Block wireless traffic doesn't work RU7 MP1

    Posted Jan 04, 2012 05:21 AM

    So if I am correct you want that LAN and Wireless both should not be ON at the same time ?

    However when LAN is disconnected Wireless should work ?

    Or do you want to completely block Wireless ?



  • 5.  RE: Block wireless traffic doesn't work RU7 MP1

    Posted Jan 04, 2012 05:35 AM

    So if I am correct you want that LAN and Wireless both should not be ON at the same time ?

    Yes.

    However when LAN is disconnected Wireless should work ?

    Excactly.


    Also client must disconnect from wireless when ethernet cable is attached or ethernet connection is enabled.



  • 6.  RE: Block wireless traffic doesn't work RU7 MP1

    Posted Jan 06, 2012 05:25 PM

    I found an article in which the information about the problem to change the location when client has installed the vmware adapter and when as criteria is set connection type "Ethernet".

    http://www.symantec.com/connect/ideas/sep-11x-location-awareness-detecs-vm-ethernet-adapters-real-adapters#comment-6448751

    So I disabled vmware network adapter and nothing has changed. Then unistall vmware network adapter and still the same: client can connect to wireless when ethernet is active.


    I know there is another option to block the wireless network using Device blocking rule. It works almost like I expected. Namely, when the ethernet card is active the wifi card is blocked. In contrast, when the ethernet card is disabled, the wifi card can not be enabled and thus client can not switch to "wireless" location. I had to add a third location ("non-ethernet") when as criteria is: If the client computer does not use the network connection type specified below: Ethernet. After turning off the ethernet card, SEP switch to this "non-ethernet" location, then connects to the wireless network and switch to "wirelless".
    Problem is for me to get device id of all computers and update them later. Whether it can be done remotely?


    Has anyone successfully implemented a blocking traffic to a wireless network, and could share your comments?

    I will be grateful for any suggestions in this regard.