|15 Dec 2012||#1|
Dual NIC Firewall machine problems...
My question is a bit complicated, so please be patient while I explain what I need...
I have many machines behind a single firewall machine. The firewall machine is dual ported (2 NICs) and the network is segmented (192.168.0.x for the external segment and 192.168.1.x for the internal segment). Everything is wired, no wireless. The external segment connects to a router out to the Internet. The internal segment connects to a hub/switch which connects to all the other machines on the local LAN.
The firewall machine was running XP for many years, but the hardware was failing, and the OS needed to be upgraded. Done. We now have new hardware running Windows 7 Pro x64.
All of the machines behind the firewall were already running Windows 7 Pro x64; only the firewall machine has changed.
OK, by turning on the appropriate services in the new firewall machine and enabling packet forwarding in the registry, it appears to be working. The machines on the local LAN can connect through the firewall machine to the Internet.
I want to use the Windows 7 firewall software in the new firewall machine. It provides the security for the local LAN; all the other machines on the LAN are trusted and their Windows 7 firewalls are turned off.
To make this work correctly, the firewall machine needs to be actively connected to two networks, which it is, but here is where my problem begins. Windows 7 thinks both networks are public. I need the external network to be public, and the internal network to be work/private. Then, I could configure the Windows 7 firewall to use the public profile on one NIC and the private profile on the other NIC, have the firewall turned on for both NICs, and everything is back to the way things worked with the old XP machine (which was NOT running the XP firewall software but instead a third party firewall application which allowed separate profiles for individual NICs).
So, here is the question (finally) - how do I change the internal network connection to private? The Network and Sharing Center shows multiple networks connected, both public (showing the bench icon). I can click on the bench icon for the external network to bring up the “Set Network Properties” panel and change its name and icon if I want, but it's already configured correctly. The other network is labeled “Unidentified network”, and although I can click on its bench icon to display the “Set Network Properties” panel, nothing is editable. In fact, other than the NIC's hardware configuration (IP address, DNS servers, etc.) nothing about this internal “Unidentified network” seems to be configurable at all, yet it's apparently working as expected.
How do I change this internal “Unidentified network” from public to work/private?
Comment – the network icon on the task bar shows a red “X”, in spite of the fact that TWO networks are connected and working. I expect this is coupled to the “Unidentified network” problem. Windows 7 is apparently confused (or I am).
Final note – I'm not using ICS because all the IP addresses are static. I have a good reason for doing this, which is not going to change, so please, ICS is off the table, since it's incompatible with static addressing.
Thanks in advance for any/all help.
|15 Dec 2012||#2|
Maybe this will help.
Unidentified Networks - Set as Private or Public
It might also help to define the two subnets in the advanced TCP/IP settings in IPv4 properties.
I would think that using a secondary router with a different subnet would work better for this.
I wouldn't expect Windows 7 networking to work the same as the old XP version as there were many changes to the network stack with Windows 7.
|15 Dec 2012||#3|
Thank you, much appreciated.
The tutorial you recommended was very helpful. It appears I'm halfway there, in that the icon for the internal network changed in Network and Sharing Center, and it now says Work network instead of Public network.
However, in spite of the fact that I specified that the user can change the name/icon of this network, I cannot. It's still listed as "Unidentified network", still uneditable, still have the red 'X' in the taskbar.
I'm not familiar with defining a second subnet in the advanced TCP/IP settings in IPv4 properties. I know where this is and how to get there, but what exactly do I define? Do you mean two subnets in one NIC? Currently, each NIC has its own IP address and default gateway (192.168.0.2 -> 192.168.0.1 and 192.168.1.1 -> 192.168.0.2). Note crossed networks on second pair, hence the need for packet forwarding. If that's what you meant it's already done, if not could you explain further please?
What information exactly does Windows 7 lack that causes it to call this an "Unidentified network"? If I knew this I could perhaps go about supplying the info...
Thanks again for your assistance chev65, I rang your bell...
|15 Dec 2012||#4|
Yes you can add more than one subnet to a single NIC using the advanced TCP/IP settings window.
In general, Windows 7 seems to have problems with multiple networks, although defining the different networks with static IPs might help.
There are many causes for Unidentified network, maybe this link will help.
Windows 7 Unidentified Network, Limited Access, No Internet Connection Problem Resolved
This link can show you how to work with the metrics and the differences between Windows XP and Windows 7.
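An added example, not part of any post in this thread: a read-only PowerShell check of the category Windows has assigned to each connected network, which is what decides the firewall profile applied on that NIC. It assumes the Network List Manager COM API and `netsh advfirewall`, both present on Windows 7; the variable names are illustrative.

```powershell
# Added example (not from the thread): read-only check of how Windows has
# categorised each connected network on a dual-homed Windows 7 host.
# Uses the Network List Manager COM API because Get-NetConnectionProfile
# only exists on Windows 8 / Server 2012 and later.

$nlmClsid = [Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B'   # NetworkListManager coclass
$nlm = [Activator]::CreateInstance([Type]::GetTypeFromCLSID($nlmClsid))

# NLM_NETWORK_CATEGORY values
$categoryName = @{ 0 = 'Public'; 1 = 'Private'; 2 = 'DomainAuthenticated' }

$NLM_ENUM_NETWORK_CONNECTED = 1
$networks = @(foreach ($net in $nlm.GetNetworks($NLM_ENUM_NETWORK_CONNECTED)) {
    New-Object PSObject -Property @{
        Name     = $net.GetName()
        Category = $categoryName[[int]$net.GetCategory()]
        Internet = $net.IsConnectedToInternet
    }
})

$networks | Select-Object Name, Category, Internet | Format-Table -AutoSize

# On a two-NIC firewall host the intended state is one Public network
# (external segment) and one Private network (internal segment).
$public = @($networks | Where-Object { $_.Category -eq 'Public' })
if ($networks.Count -ge 2 -and $public.Count -eq $networks.Count) {
    Write-Warning 'Every connected network is Public: the internal segment is not using the Private profile.'
}
if ($public.Count -eq 0) {
    Write-Warning 'No connected network is Public: the external segment is not using the Public profile.'
}

# Show whether Windows Firewall is switched on for each profile.
netsh advfirewall show allprofiles state
```

Run it from an elevated PowerShell prompt on the firewall machine after any change to the network location, and again after a reboot, to confirm the category persisted.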