so that they can be managed - i.e wsus , group policies, SCOM etc.. also, theys are shared by different people on the organization that have domain accounts. The last thing i would want, was to create local accounts on those laptops - a management nightmare...
From: Taylorville, IL
our wireless is a dmz by design. Connecting them to LAN by wire we take away mobility from them. Creating a wireless attached to our LAN, it´s outside the budget.
That isn't true. 1. It is a bad design. Domain members on a DMZ means it is no longer a DMZ. It just becomse a LAN segment crippled by a NAT Relationship. 2. They are not going to "lose mobility" either way 3. Budget - It doesn't cost anything to simply plug a patch cable into a different spot to move the WAP into the LAN segment.
DSL Modem -> Linksys Router (with WiFi) -> ISA External -> Internal ISA (rest of the network is wired behind).
This current setup has worked, where if wireless access devices require internal resources, they just vpn. However, there's been some additions, including iphones, and other smart phones. Plus some of the network enabled audio devices.
I want to move the WAP to somewhere where I can get more access, either on a new decidated DMZ segment, or potentially if necessary internally. I need to allow access to some of the other DLNA devices wired on the internal lan, over wireless....
I've been reading through the DMZ configuration articles, since that was my first thought.
Initially, the configuration was to deal with the ISA 2000, dialer issues with DSL, so that's why the linksys is sitting out in front. And of course, with the wonders of the original wifi security. <G>