I think we have discovered a possible security flaw in the wireless security
routines for the SGS 360R.

While configuring Secure WLAN settings in the 360R we have discovered that
the "Enforce VPN Tunnels/Disallow IPSec pass thru" and "Enforce VPN
Tunnels/Allow IPSec pass thru" setting in both 2.1 build 300 and build 415
firmware do not appear to actually prohibit non-VPNed wireless connections
from reaching the internal LAN. According the documentation when using
either of the "Enforce VPN Tunnel" modes, only DNS, DHCP, and ARP traffic
are allowed to reach (we believe this also include ICMP, but its not
documented) the internal network without being encrypted by the VPN. We have
been able to send a wide variety of TCP/IP traffic (including ODBC and HTTP)
to the internal LAN over a connection that is suppose to allow only traffic
traveling inside a VPN.

We have confirmed this internally using a single SGS 360R with the Symantec
Wireless Access Point card and two Win2K laptops with WPC45G Linksys WiFi
cards. 

This occurs whether or not WEP is being used.

Has anyone experienced this problem? Can anyone reproduce it?

We have reported the problem to Symantec and they are investigating.

thanks,

DN