Solved: Re: CSA 5.2.0.225 and Wireless

kerraj2004 · ‎08-17-2007

Does anyone know if it is possible to stop users from connecting to wireless networks while connected from the ethernet adapter? I did create a policy and used the Rule Module included in CSA (Prevent Wireless if Ethernet Active) and it allows me to connect to wireless networks.

Any info would be greatly appreciated.

tsteger1 · ‎08-20-2007

I think they create them so they are there if needed and you don't have to create them from scratch.

You could associate the existing rule module with a new Wireless Connection policy and attach that to your groups.

Whether you clone and modify copies or modify the original is a personal preference.

It should work either way and there are folks who prefer one over the other for various reasons.

Tom

View solution in original post

tsteger1 · ‎08-17-2007

I did in 5.2.210.

I used the Ethernet active with DNS suffix matching System State and the $Wi-fi [V5.2 r210].

It worked as expected.

Tom

Bradley Spencer · ‎08-17-2007

Yea the module still allows you to connect to the wireless network but does not allow traffic.

You could always look at blocking DHCP on wireless so you don't get an address.

Also, if you are using a managment application for the wireless interface you could always try blocking that from executing so the wireless connection does not establish. That is in theory but it should work.

kerraj2004 · ‎08-20-2007

So being that the rule module is in place without a policy, is it best that the rule be copied and then used. I guess i really dont understand why they have rule modules but do not associate it with a policy out of the box.

Thanks!

tsteger1 · ‎08-20-2007

I think they create them so they are there if needed and you don't have to create them from scratch.

You could associate the existing rule module with a new Wireless Connection policy and attach that to your groups.

Whether you clone and modify copies or modify the original is a personal preference.

It should work either way and there are folks who prefer one over the other for various reasons.

Tom

kerraj2004 · ‎08-21-2007

The Network Access Control rule is not performing the way i'd like. I would like for the rule with a system state of "Ethernet" is active to disable the wireless adapter from getting an IP address and or connecting to the AP. I dont want the brige my protected network with an unprotected one. I added the network service UDP/TCP along with the 192 ip range but has not corrected my issue.

Thanks,

tsteger1 · ‎08-22-2007

As Bradley mentioned, it does connect and get an address but does not allow traffic.

It wasn't designed to disable the adapter or DHCP, just deny access through the adapter.

There may be other things you can do to lock it down further but I think it is doing what you need it to.

Tom

csaadmin28 · ‎01-31-2008

Has anyone managed to get the CSA to disable the WLAN adapter if an ethernet connection is detected?

Although the CSA is ensuring that wired/wireless networks aren't bridged, it would be ideal if it could disable the adapter before it connected to a WLAN network instead of simply blocking traffic.