Trusted Network Adapter fails on wifi / LAN

bilalkhan
bilalkhan W/ Alumni Posts: 4 Security Scout

Hi,
We recently deployed F-Secure Client Security 12.0 Premium on all of our work laptops. In it I have set Trusted Network Adapter set to Wired Network Adapter under Network Connections -> Firewall -> Settings tab.
I have a sales user who travels a lot and often uses public wifi to connect to our system via citrix session.

When this user logs on public wifi, he is unable to establish wifi connection.
When I set the trusted network adapter to none, he is able to connect on public wifi but has trouble using our LAN connection inside office.
Is there a recommended setting I can use to allow him to use public wifi and be able to hook up internal wired LAN connection ?

 

Btw, when logging from internal LAN, there is an event log message saying unable to authenticate the machine against firewall.

 

Any help would be appreciated.

Thank you

Comments

  • Vad
    Vad W/ Alumni Posts: 1,069 Cybercrime Crusader

    Hello bilalkhan,

     

    Autoselect feature could help you.

    You can find it in Policy Manager Console in Internet Shield policies:

     

    Autoselect.png

     

    You can select different Firewall profiles for different network conditions.

     

    Best regards,

    Vad

  • bilalkhan
    bilalkhan W/ Alumni Posts: 4 Security Scout

    Hi,

    Thank you for your response.

    I will give this a try and let you know if I succeed.

    After your suggestion, I came across this scenario provided by F-Secure as an example:

    https://help.f-secure.com/product.html#business/policy-manager/12.00/en/task_00F47681C12F4AE1839D43B2650409DB-12.00-en

     

    This is example require a laptop to connect to office lan otherwise dialup. 

    For our case, our autoselect will need to be between office Lan and Public wifi.

  • TKV
    TKV W/ Alumni Posts: 6 Security Scout

    I know this goes a bit off from your initial question, but I would suggest that you look into the firewall rules and find out how you can get your office LAN to function without using trusted network adapter.

     

    That setting is really dangerous as it effectively disables all firewall functionality on the network adapter chosen. That is, if it is enabled on the LAN adapter then nothing that passes trough it is scanned.

     

    I've been supporting / reselling F-Secure products 10+ years and haven't yet run into a LAN network issue that could not have been solved with propper rules. As a best-practice we allways disable the option of using trusted network adapter. You could then use the autoselect rules to switch between Office LAN and Public LAN settings and keeping the laptop secure when it leaves the office.

  • bilalkhan
    bilalkhan W/ Alumni Posts: 4 Security Scout

    That sounds fair enough.

    So far autoselect option is working. I will mark the above answer as best answer.

    But I have also noticed some desktop computers that work outside of our citrix environment also needed Trusted network set to LAN. If I don't do this then I noticed that desktop computer which had f-secure client installed works fine on day one but by day 2 internet fails. Local intranet would still be accessible.

    What changes would be recommended to avoid using trusted network option ?

  • TKV
    TKV W/ Alumni Posts: 6 Security Scout

    Really dificult to say based on just the information available here. Seems to be loosing contact with default gateway / routing broken if the local network works but nothing beyond it.

    I recall a similar issue with a lingering 3rd party firewall installation, it was not fully removed prior to F-Secure installation. But to get a better picture you really should consult with your reseller / F-Secure support as it probably involves packet captures / going through fsdiag.

This discussion has been closed.