i know there are several options, depending on how the LAN is implemented and wheter or not AD is implemented:
- Active directory: i can make groups in AD and use them in the WP rules then simply selecting entire network segments in WP and making the profiles
- fixed IP/ranges: i have to generate a definition per computer in UTM, then group them, very time consuming -and if i want to use MAC difficulty raised exponentially- (AFAIK there's no way to mass-import definitions from CSV file) and very easy to bypass by changing the local IP address. Then do the profiles in WP
- DHCP(external to UTM) with hostnames: not only is insanely time consuming(even more than a IP, having to enter a name AND then a FQDN by hand) but i've been burned by this before as UTM updates the hostnames whenever it wants(and caches it for X time, no idea if it respects the original TTL of the resource) instead of resolving aggressively, this makes for stations resolved to wrong IP all the time when DHCP changes their IP(and it's irrespective of the lease time as the IP could change one min after UTM randomly decided to resolve the IP and it would stay wrong for a long time)
[LIST=1]
- ¿what happens in mixed AD/non AD environment(for example where AD rollout is incomplete)?
- ¿or if customer simply wont use AD?
- ¿what's the "best practices" in this case?, what have you guys done in your deployments?
This thread was automatically locked due to age.
