Endpoint Protection

  • 1.  Block all traffic until firewall starts - Wireless Connectivity

    Posted Apr 19, 2012 04:57 PM

    SEP V12.1 RU1

    We are doing some testing with the security setting "Block all traffic until the firewall starts and after the firewall stops".  We probably should have had this in place all along.  This appeared to work fine.  Pushed down the policy to the machine, stopped SEP and couldn't ping the machine, started SEP and could ping the machine again.  The machine was connected to the network via wireless with security and when I rebooted the machine it seemed that the SEP client icon took a little longer to appear on the toolbar and after that the wireless icon came up stating it had excellent strength but limited or no connectivity.  When hard wired everything was ok.  On a fluke I rebooted again with just the wireless connection and got the same result but then went in and disabled and enabled the wireless adapter and it connected successfully.

    Rebooted again with wireless and had no connectivity.  When searching for this type of issue in the forum I noticed that after about 3-4 minutes the wireless connected on its own.  It appears that the SEP client is blocking it for a period of time and then finally allows it?  We do have a rule in place to allow any wireless EAPOL adapters.

    Any ideas / resolutions?



  • 2.  RE: Block all traffic until firewall starts - Wireless Connectivity

    Posted Apr 20, 2012 09:20 AM

    I'm not sure what changed but now the wireless does not connect anymore on its own.  It still connects after disabling and enabling though.



  • 3.  RE: Block all traffic until firewall starts - Wireless Connectivity

    Posted Apr 20, 2012 11:12 AM

    Are you using DHCP leases or Static IP addresses?

    If you are using DHCP addresses, this would be normal behavior.  The Wireless NIC in this case is unable to contact a DHCP server to obtain lease information.  So, it assigns itself an APIPA address: 169.254.x.x in order to be able to communicate with other clients on the network if the DHCP server fails.

    After disabling and re-enabling the adapter, a DHCP release - DHCP renew is sent and an address is acquired, thus the adapter has the ability to communicate on the network.

    * * * * * *

    Here is a blog on TechNet, which may help you.  It specifies the behavior and default configurations for a "normal DHCP client".  Where in Vista / 7, if the adapter is unable to obtain an IP address within 1 minute, the adapter "goes to sleep" and waits for 275 seconds (4 minutes and 35 seconds) before trying again to reach the DHCP server.

    This is, as you stated above, why some people indicate after 3 or 4 minutes, the problem "resolves itself".

    You can adjust this setting in the registry to meet your needs.  All this and much more information on DHCP, APIPA, etc. can be found in the following link.

    http://blogs.technet.com/b/networking/archive/2009/01/29/dhcp-client-behavior.aspx

     

    Hope that helps.

     

    Cheers.
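
The APIPA fallback described in the reply above can be checked from a script instead of by toggling the adapter. The following is an added example, not part of the original thread: it lists DHCP-enabled adapters that are sitting on a 169.254.x.x address and, with the `-Renew` switch, asks for a new lease. It assumes PowerShell 3.0 or later and an elevated prompt; the function name `Test-ApipaAddress` and the `-Renew` switch are names chosen for this example.

```powershell
# Added example: report DHCP-enabled adapters that fell back to an APIPA
# (169.254.0.0/16) address and optionally request a new DHCP lease.
# Assumes PowerShell 3.0+ (Get-CimInstance); -Renew needs an elevated prompt.
param(
    [switch]$Renew   # hypothetical switch name chosen for this example
)

function Test-ApipaAddress {
    # True only for IPv4 addresses inside 169.254.0.0/16.
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 169 -and $b[1] -eq 254)
}

# Only adapters with TCP/IP bound and DHCP turned on are relevant here;
# statically addressed adapters never fall back to APIPA.
$adapters = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
    -Filter "IPEnabled = TRUE AND DHCPEnabled = TRUE"

foreach ($a in $adapters) {
    $apipa = @($a.IPAddress | Where-Object { Test-ApipaAddress $_ })

    if ($apipa.Count -eq 0) {
        Write-Output ("{0}: lease from {1}, address {2}" -f `
            $a.Description, $a.DHCPServer, ($a.IPAddress -join ', '))
        continue
    }

    # The adapter is up but never reached a DHCP server, which matches the
    # "excellent strength, limited or no connectivity" symptom in the thread.
    Write-Warning ("{0}: APIPA address {1}, no DHCP lease obtained" -f `
        $a.Description, ($apipa -join ', '))

    if ($Renew) {
        # Same effect as the manual disable/enable: a fresh DHCP request.
        $r = Invoke-CimMethod -InputObject $a -MethodName RenewDHCPLease
        Write-Output ("  RenewDHCPLease returned {0} (0 = success)" -f $r.ReturnValue)
    }
}
```

Run without `-Renew` right after boot to confirm whether the adapter is on APIPA while the firewall is still starting, before changing any policy or registry setting.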