Dual NIC Firewall machine problems...


  1. odlumb
    Posts : 2
    Windows 7 Professional x64
       New #1

    Dual NIC Firewall machine problems...


    My question is a bit complicated, so please be patient while I explain what I need...


    I have many machines behind a single firewall machine. The firewall machine is dual ported (2 NICs) and the network is segmented (192.168.0.x for the external segment and 192.168.1.x for the internal segment). Everything is wired, no wireless. The external segment connects to a router out to the Internet. The internal segment connect to a hub/switch which connects to all the other machines on the local LAN.


    The firewall machine was running XP for many years, but the hardware was failing, and the OS needed to be upgraded. Done. We now have new hardware running Windows 7 Pro x64.


    All of the machines behind the firewall were already running Window 7 Pro x64, only the firewall machine has changed.


    OK, by turning on the appropriate services in the new firewall machine and enabling packet forwarding in the registry, it appears to be working. The machines on the local LAN can connect through the firewall machine to the Internet.


    I want to use the Window 7 firewall software in the new firewall machine. It provides the security for the local LAN, all the other machine on the LAN are trusted and their Windows 7 firewalls are turned off.


    To make this work correctly, the firewall machine needs to be actively connected to two networks, which it is, but here is where my problem begins. Windows 7 thinks both networks are public. I need the external network to be public, and the internal network to be work/private. Then, I could configure the Windows 7 firewall to to use the public profile on one NIC and the private profile on the other NIC, have the firewall turned on for both NICs, and everything is back to the way things worked with the old XP machine (which was NOT running the XP firewall software but instead a third party firewall application which allowed separate profiles for individual NICs).


    So, here is the question (finally) - how do I change the internal network connection to private? The Network and Sharing Center show multiple networks connected, both public (showing the bench icon). I can click on the bench icon for the external network to bring up the “Set Network Properties” panel and change it's name and icon if I want, but it's already configured correctly. The other network is labeled “Unidentified network”, and although I can click on the its bench icon to display the “Set Network Properties” panel, nothing is editable. In fact, other than the NIC's hardware configuration (IP address, DNS servers, etc.) nothing about this internal “Unidentified network” seems to be configurable at all, yet it's apparently working as expected.


    How do I change this internal “Unidentified network” from public to work/private?


    Comment – the network icon on the task bar shows a red “X”, in spite of the fact that TWO networks are connected and working. I expect this is coupled to the “Unidentified network” problem. Windows 7 is apparently confused (or I am )

    Final note – I'm not using ICS because all the IP address are static. I have a good reason for doing this, which is not going to change, so please, ICS is off the table, since it's incompatible with static addressing.

    Thanks in advance for any/all help.
      My Computer
    Quote Quote

  3. chev65
    Posts : 8,870
    Windows 7 Ult, Windows 8.1 Pro,
       New #2

    Maybe this will help.

    Unidentified Networks - Set as Private or Public

    It might also help to define the two subnets in the advanced TCP/IP settings in IPv4 properties.

    I would think that using a secondary router with a different subnet would work better for this.

    I wouldn't expect Windows 7 networking to work the same as the old XP version as there were many changes to the network stack with Windows 7.
      My Computer
    Quote Quote

  4. odlumb
    Posts : 2
    Windows 7 Professional x64
    Thread Starter
       New #3

    Thank you, much appreciated.

    The tutorial you recommended was very helpful. It appears I'm halfway there, in that the icon for the internal network changed in Network and Sharing Center, and it now says Work network instead of Public network.

    However, in spite of the fact that I specified that the user can change the name/icon of this network, I cannot. It's still listed as "Unidentified network", still uneditable, still have the red 'X' in the taskbar.

    I'm not familiar with defining a second subnet in the advanced TCP/IP settings in IPv4 properties. I know where this is and how to get there, but what exactly do I define? Do you mean two subnets in one NIC? Currently, each NIC has it's own IP address and default gateway (192.168.0.2 -> 192.168.0.1 and 192.168.1.1 -> 192.168.0.2). Note crossed networks on second pair, hence the need for packet forwarding. If that's what you meant it's already done, if not could you explain further please?

    What information exactly does Windows 7 lack that causes it to call this an "Unidentified network"? If I knew this I could perhaps go about supplying the info...

    Thanks again for your assistance chev65, I rang your bell...
      My Computer
    Quote Quote

  6. chev65
    Posts : 8,870
    Windows 7 Ult, Windows 8.1 Pro,
       New #4

    Yes you can add more than one subnet to a single NIC using the advanced TCP/IP settings window.

    In general Windows 7 seems to have problems with multiple networks although defining the different networks with static IP's might help.

    There are many causes for Unidentified network, maybe this link will help.
    Windows 7 Unidentified Network, Limited Access, No Internet Connection Problem Resolved

    This link can show you how to work with the metrics and the differences between Windows XP and Windows 7.

    http://blog.palehorse.net/2009/08/24...ways-and-dhcp/
    Last edited by chev65; 16 Dec 2012 at 11:44.
      My Computer
    Quote Quote

  7. edwar
    Posts : 983
    7 x64
       New #5

    Not sure you will ever get this to work the way you want. This is one reason MS make a Server OS along with many dedicated Firewall boxes and Linux OSs for this purpose.

    Windows 7 is a Desktop OS not a server OS.
      My Computer
    Quote Quote

 

  Related Discussions
I've been dual booting W7 and Linux for awhile now. Recently I've been wondering about doing a VM instead. What I'm wondering is, is one to be preferred over the other? What are the pros and cons of each? Both would allow me to keep W7, but use Linux for most internet work. This avoids the EOL...
Hello. i have windows 7 64 bit dual booted with linux(ubuntu 14.04 64 bit). Currently I have four primary partitions and an unallocated space that i just created by shrinking the c: drive as you can see in the screenshot attached with this thread. I want to create another drive so that i can store...
dual boot machine?
in General Discussion

do u use Linux and Windos dual boot machine?
Did a search of the forums and could not see this question answered. I have a copy of Win7 ultimate. I have a pc with multiple hard drives, running xp. I have a 32 Gig SSD (OC). What I want to do is put Win7 on the SSD, and then run dual boot so that I can still use the XP operating system. ...
Firstly - this forum is the best. I have had amazing help here. Thanks again... OK I have a couple of questions please: 1. I have a FUJITSU MHZ2160BH G2 2.5 ATA Hard Drive which is an moving parts hard drive. Id like to replace this with a Solid State much large hard drive. Are all 2.5 Hard...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 17:06.
Find Us