This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall - Location Detection

Hi All

I have implemented the firewall in our lab and have set the primary and secondary locations.  Primary = firewall disabled, Secondary = Enabled.  I have used DNS and IP lookups to our file servers.

Logging in to the Primary works fine, but if I unplug the network cable, whilst the laptop is on and set to Primary is does not fail over to secondary.

It works the other way around.  If a user docks the laptop and plugs the network cable in whilst the machine is on it switches to primary.

Is this a bug?  A lot of our users put their machines in standby mode so I'm wary that they will walk out of work with no firewall enabled and then pitch up at Starbucks.....

TIA Stuart

:9831


This thread was automatically locked due to age.
  • Hello Stuart,

    I've pointed out a related issue in the 9.5 (sic!) Beta and performed another extensive run of tests for 9.7.

    This is an obvious concern but - as you can find out with a simple test - it fortunately (or thanks to Sophos' engineers) doesn't work like this. The activation of the Wi-Fi connection will trigger location detection and the client will correctly select Secondary. Even if the Wi-Fi to Starbucks is already activated whilst the computer is still plugged in (anyone in an office adjacent to Starbucks?) a state change will occur - although as SCF is off in Primary you should also use Device Control to disable Wi-Fi while plugged in.

    I agree that it is a little bit worrying that the client does not immediately fall to Secondary - but keep in mind that at this point there is no connection at all so a switch could only affect loopback connections. Once the client "sees" a network the location is switched.

    In case you wonder - my tests were mainly concerned with a laptop+Virtual PC configuration (and the correct location selection on both host and guest including additional VPN connections).

    So - close the lid, grab the laptop and walk over to the cafe of your choice for a field test :smileywink:

    Christian         

    :9833
  • Christian

    Thanks for the swift response.  That does make sense about reconnecting to a network, so tomorrow I will heed your advice and go and get myself a skinny latte at my favourite wi-fi spot ;-)

    Thanks

    :9847