Does Vista Firewall support more than 1 active network at a time?

Guest

Does Vista Firewall support 2 ACTIVE network connections? It seems that the
firewall is designed to only support one active NIC at a time. I pose this
question as I have 2 disjointed NICs and cannot get Firewall to behave
correctly.

Network 1) accesses the LAN and the internet thru a gateway.
Network 2) accesses a private WAN thru a layer 5 switch

For Vista Firewall:
Network #1 has been set up as a Private Network Profile
Network #2 has also been set up as a Private Network Profile.

However, Network #2 will revert back to a Public Profile on every reboot.
The Public Profile will then "rule" both Network connections and as one would
expect connectivity thru both networks results in chaos.

How can I force Network #2 to remain within the Private Profile and stop
converting to Public on every reboot? Network #2 does not have a gateway
(it's left blank in TCP/IP as there is no DNS or network resources served by a
gateway).

My suspicion is that since Network #2 has no gateway defined, the Windows
Network awareness API keeps converting it to a Public Profile.

Thank you for any assistance.
 
Gloria Boyer [MSFT]

For more firewall configuration flexibility, try Windows Firewall with
Advanced Security. To get to it, go to Control Panel, Administrative Tools.

Thanks,
Gloria
 
Michael A. Bishop (MSFT)

Since a component of recognising a network is the gateway MAC address, Vista
is probably seeing this network as new each time it connects (on reboot).
You might be able to work around this by setting the machine's own IP as its
gateway on that interface.

Vista supports having multiple connections, but there is only one firewall
state for the machine in Vista. If you have two interfaces, one on a Public
network and one on a Private network, then the machine will use Public
rules.
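
A simplified model of the behaviour described in the reply above, added here as an illustration; it is not Windows code and not part of the original post. It assumes a network is identified only by its gateway MAC and that an unmatched network is treated as new and placed in Public; all names and MAC values are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Higher value = more restrictive. Only the two categories from the thread.
RESTRICTIVENESS = {"Private": 0, "Public": 1}


@dataclass
class Interface:
    name: str
    connected: bool
    gateway_mac: Optional[str]  # None models a blank default gateway


def classify(iface, saved):
    """Category of one network in this simplified model (an assumption).

    `saved` maps a gateway MAC, standing in for the network's identity, to
    the category the user picked. A network that cannot be matched is
    treated as new and lands in Public.
    """
    if iface.gateway_mac is None:
        return "Public"
    return saved.get(iface.gateway_mac, "Public")


def effective_profile(interfaces, saved):
    """One firewall state per machine: the most restrictive connected
    network decides. Returns None when nothing is connected."""
    cats = [classify(i, saved) for i in interfaces if i.connected]
    return max(cats, key=RESTRICTIVENESS.get) if cats else None


# Constructed sample data; MACs are from the documentation range.
SAVED = {"00:00:5e:00:53:01": "Private", "00:00:5e:00:53:02": "Private"}
LAN = Interface("LAN via gateway", True, "00:00:5e:00:53:01")
WAN_BLANK_GW = Interface("private WAN, blank gateway", True, None)
WAN_FIXED_GW = Interface("private WAN, gateway set", True, "00:00:5e:00:53:02")

if __name__ == "__main__":
    print(effective_profile([LAN, WAN_BLANK_GW], SAVED))  # blank gateway
    print(effective_profile([LAN, WAN_FIXED_GW], SAVED))  # workaround
```

On a real Vista machine the profile actually in force can be checked with `netsh advfirewall show currentprofile`.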
 
...winston

Michael,

I'm not even sure if one can do this but...
In a rare case a person with a home network might be connected to the
internet via a backup dialup connection if the cable was down but still have
a desire on occasion to network locally.

Does this indicate that if a dial-up connection (e.g. a backup to a cable
provider) and a Local Area Network connection (LAN to router/WAN to cable
with other wireless machines) are both in use on the same Vista machine that
Vista will always use the Public rules (e.g. Network Discovery, File Sharing,
Public Folder etc. = Off)?

I.e.
A dial-up connection makes more sense to set up as public vs. private,
whereas a Local Area Network would use the suggested Private in a home
network setup.

...winston
 
Michael A. Bishop (MSFT)

That means that the Vista machine would switch to the Public profile while
dialed in to the ISP, yes. It would come back to Private upon
disconnecting.
 
...winston

Thanks so much...Good info.
And another reason to explain if the public profile is active with its
default settings the impact it can have on network discovery and sharing..
...winston
 
Guest

Thanks Michael. I was offline for a day downgrading to 32 bit from 64. Life
is already better (i.e. driver support).

How Vista deals with multiple NICs and profiles hasn't been documented yet
and thus your info is much appreciated. Please let me know if you come
across any further info. Thank you again.

loop
 
rgbigel

The behaviour I see on my machines is even more perverse, and I do hope that
someone from the Vista developers see this post (and maybe do something about
it).
Your post does explain some about the underlying causes of problems when
more than one network is used with a single-state firewall. Unfortunately I
can not see any remedy so far. Find below the list of my sufferings and the
configuration used; maybe there is still something you can give me advice on,
if not, the story may be good for a sarcastic smile:
-- Two machines with Vista (Ultimate)
-- two physical network adapters, one 100Mbit to router/WAN (router accepts
UPNP), the other 1000Mbit LAN local only (no internet sharing; all IPs with
fixed addresses and forced to IP4)
-- 2 or more virtual LAN adapters (obviously not actively connected at times)
-- OneCare is used as firewall, i.e. the windows firewall is not used.
Here's what I see happening:
- the system does not accept the WAN as public and the LAN as private (I have to
make both public to share files and get internet connection)
- there appears no way to assign the virtual adapters to a separate group of
adapters, they will always join the 1000Mbit LAN
- not only after rebooting, but also after hibernation or suspend modes,
the second adapter, which is the 1000Mbit LAN, is always set to public
(probably because of the virtual adapters being in the group and no
connections being possible then)
- this means that after resuming operation, the network is generally
impaired in one of several strange ways.
-- case 1: (which to my complete amazement even happens if I disable the
firewall completely), I can not reach the internet via IE. I do see the
control page of the router on the WAN line. I can get network files via LAN!
I can ping external systems, but I can not pathping them.
-- case 2: occasionally the system will set up different routing priorities,
resulting in all file accesses on the network to use the 100Mbit WAN (via
router). When this happens, I can access the internet, but obviously file
access is extremely slow. I must close down the networks and restart them --
which usually puts me into case 1.
I should think that my configuration is not really uncommon, but working
with Vista is very far from comfortable. Can you imagine how often I get the
UAC prompt when I try to fix things after resuming my systems?
> That means that the Vista machine would switch to the Public profile while
> dialed in to the ISP, yes. It would come back to Private upon
> disconnecting.

::: I have seen the switch to Public, but NEVER the switch to Private:::

Rolf
 
Nonny

> The behaviour I see on my machines is even more perverse, and I do hope that
> someone from the Vista developers see this post (and maybe do something about
> it).

Don't hold your breath.

> Your post does explain some about the underlying causes of problems when
> more than one network is used with a single-state firewall. Unfortunately I
> can not see any remedy so far. Find below the list of my sufferings and the
> configuration used; maybe there is still something you can give me advice on,
> if not, the story may be good for a sarcastic smile:

You are replying to a very old post. Chances are that the person you
are replying to is no longer monitoring this thread.
 
KYlocal

How did you downgrade to Vista 32-Bit from 64-Bit? Did you encounter any
problems? I have a 32-Bit Media Kit (recovery disks) from another notebook
that I wanted to use. I received no help from Sony; indicated no knowledge or
experience in downgrading to 32-Bit. They expressed caution with using
existing recovery disks from another Sony unit since they were model
specific. I am not impressed with 64-Bit's incompatibility with so many
programs (even AOL).
 
