We currently have 2 primary firewall policies, OnNet and OffNet. When OnNet (on the corporate network) the Firewall is enabled but basically in Allow All mode. When in OffNet (anywhere but the corporate network) the firewall is much more restrictive. We have an additional unmanaged network that we are trying to figure out how to deal with. We call it a Lab network and is a combination of corporate laptops that come and go, as well as computers and devices that could have come from anywere really, vendors, customers, etc. Some of them are computers, some of them are instruments, etc. Currently when on the “lab” network corporate computers are in OffNet mode. The issue is this, computers need to talk to devices while on that network that are consistantly being blocked by the firewall. Sometimes the corporate computer initiates the connection, sometimes the other device inititates the connection. Nothing is consistant either, IP’s ports or protocols, the use case is very broad. What we don’t want to do is just turn the firewall off when they are on this network, but there is also no easy way to define what ports and protocols need to be allowed. Does anyone have any suggestions on how to deal with this?
I do not need a solution (just sharing information)