Security Policy involving MAC addresses - DHCP required?


Post by odge » Nov 30 05 12:02 am

Hi there,

I have a system policy that involves checking if the IP matches the MAC address, because the user is assumed, the IP is correct and the MAC address is pretty strong hardware authentication. However, my WinGate server is no longer my DHCP server on my new premises. Because of this, only PCs that were previously using the WinGate server as the DHCP server are able to authenticate; the new PCs that have never used the WinGate DHCP server (even though the details are correct) cannot authenticate.

WHY!
odge
 
Posts: 2
Joined: Nov 29 05 11:53 pm

Post by Pascal » Nov 30 05 11:14 am

Because when WinGate leases an IP to a machine it obtains knowledge of its MAC address. You generally need to use WinGate's DHCP service to have that information available. However, if the client is not a DHCP client of WinGate it will check the ARP cache to see if it can discover the MAC address for it.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Post by odge » Nov 30 05 9:33 pm

Hi,

It doesn't seem to be checking the ARP cache; in fact it seems to deny the NAT immediately, and it doesn't show in the IP ARP cache.

I mean, it seems odd to use the DHCP as the check mechanism anyway... because after a PC is turned off, another one could then temporarily use that IP while it is off - meaning you'd still have to check the MAC in real time - meaning that checking the DHCP is a bad idea to begin with, or at least a redundant point.

I hope I'm not being difficult.
odge
 
Posts: 2
Joined: Nov 29 05 11:53 pm
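
The lookup order described in the reply above (lease table first, ARP cache as fallback) and the stale-lease case raised in the last post, as an added example. This is not WinGate's code and not part of the thread; the function names, the sample `arp -a` output, the lease table and the live-ARP cross-check are constructed assumptions.

```python
import re

# Constructed sample of Windows `arp -a` output (not taken from the thread).
ARP_OUTPUT = """\
Interface: 192.168.1.1 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.10          00-11-22-33-44-55     dynamic
  192.168.1.20          00-aa-bb-cc-dd-ee     dynamic
  192.168.1.40          00-11-22-33-44-77     dynamic
"""

# Constructed lease table: IP -> MAC recorded when the lease was issued.
# The .20 entry is stale: a different adapter now answers for that IP.
LEASES = {"192.168.1.10": "00-11-22-33-44-55",
          "192.168.1.20": "00-11-22-33-44-66"}

ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+",
    re.I | re.M)

def norm(mac):
    """Normalise a MAC to lowercase, hyphen-separated form."""
    return mac.lower().replace(":", "-")

def parse_arp(text):
    """Return {ip: mac} for every entry row in `arp -a` output."""
    return {ip: norm(mac) for ip, mac in ROW.findall(text)}

def resolve_mac(ip, leases, arp):
    """Lease table first, ARP cache second (assumed order, per the reply)."""
    if ip in leases:
        return norm(leases[ip]), "lease"
    if ip in arp:
        return arp[ip], "arp"
    return None, "unknown"

def check(ip, expected_mac, leases, arp):
    """Evaluate an IP-must-match-MAC policy and report which source decided."""
    mac, source = resolve_mac(ip, leases, arp)
    if mac is None:
        return "deny: no MAC known for IP"
    if mac != norm(expected_mac):
        return f"deny: {source} MAC mismatch"
    # Added cross-check: a lease can outlive the machine that obtained it.
    live = arp.get(ip)
    if source == "lease" and live is not None and live != mac:
        return "deny: lease disagrees with live ARP entry"
    return f"allow ({source})"
```

A host that never took a lease and has no ARP entry falls through to "no MAC known", which matches the immediate denial reported in the thread.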

