Endpoint Protection

  • 1.  Client Connects Then Disconnects Then Reconnects via VPN. Losing Location Awareness?

    Posted Feb 24, 2015 10:47 AM

    Some 12.1.4 clients will not stay connected to our network via VPN. It has a connection via wireless to the internet, then connects to our internal network via VPN briefly. It then gets kicked out with a message saying "your wireless connection has just been disabled while you are on the XXX network".

    Sometimes we also see the message "traffic has been blocked from this application..." and it will sometimes be IE and sometimes be our Cisco VPN client.

    It will then try to reconnect...then connect...then get kicked out again. This repeats continuously.

    Our location policies are driven by IP and whether or not the client is on wireless. Internal network gets a range of IPs and clients using VPN get a different range. Internal location policy has a firewall rule that doesn't allow wireless.

    12.1.2 clients do not have this problem. We have a separate SEPM for 12.1.2. (We're in the process of moving everyone over to 12.1.4 and have set up a separate SEPM server with 12.1.4 and copied over all the policies, etc.) We can remove the 12.1.4 client and reinstall 12.1.2 and they're fine.

    I've made sure all the policies on the two systems match.

    Could the client be losing location awareness? Losing its IP?



  • 2.  RE: Client Connects Then Disconnects Then Reconnects via VPN. Losing Location Awareness?

    Posted Feb 24, 2015 12:45 PM

    Is there anything showing in the security log on the client?



  • 3.  RE: Client Connects Then Disconnects Then Reconnects via VPN. Losing Location Awareness?

    Posted Feb 24, 2015 12:53 PM

    Just found a thread on how to gather AutoLocation data in the debug log. I'll implement that and retry the event and see what we see.



  • 4.  RE: Client Connects Then Disconnects Then Reconnects via VPN. Losing Location Awareness?

    Posted Feb 26, 2015 04:06 PM

    I tried configuring debugging for AutoLocation per a document I found in the forum but I'm not really seeing what I thought I'd see. I thought I'd see the IP addresses being assigned then the location changing.

    I did find some stuff in the syslog.txt file:

    Location has been changed to Off-Domain.
    Connected to Symantec Endpoint Protection Manager (172.28.x.x)
    Location has been changed to Corporate Internal Network.
    Disconnected from Symantec Endpoint Protection Manager (172.28.x.x)
    Connected to Symantec Endpoint Protection Manager (172.28.x.x)
    Disconnected from Symantec Endpoint Protection Manager (172.28.x.x)
    Location has been changed to Off-Domain.
    Connected to Symantec Endpoint Protection Manager (172.28.x.x)
    Location has been changed to Corporate Internal Network.

    This is all happening quickly, it appears.

     



  • 5.  RE: Client Connects Then Disconnects Then Reconnects via VPN. Losing Location Awareness?

    Posted Mar 03, 2015 04:33 PM

    Turns out our network team changed the IP ranges that our VPN users were being assigned. I added those ranges to our location policy for VPN but did not notice that these same ranges were still in our default Corporate Internal policy.

    Location was confused.
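
The root cause in post 5 (the same IP ranges listed under two locations) can be caught before a policy is rolled out. The following is an added example, not part of the original thread and not Symantec code: it assumes the IP-range criteria of each location have been copied by hand into a dictionary, and the ranges shown are constructed placeholders.

```python
import ipaddress
from itertools import combinations

def to_networks(spec):
    """Turn 'a.b.c.d/nn' or 'start-end' into a list of ip_network objects."""
    if "-" in spec:
        start, end = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return list(ipaddress.summarize_address_range(start, end))
    return [ipaddress.ip_network(spec.strip(), strict=False)]

def find_overlaps(locations):
    """Return (loc_a, range_a, loc_b, range_b) for every range shared by two locations."""
    hits = []
    for (name_a, specs_a), (name_b, specs_b) in combinations(locations.items(), 2):
        for sa in specs_a:
            for sb in specs_b:
                if any(x.overlaps(y) for x in to_networks(sa) for y in to_networks(sb)):
                    hits.append((name_a, sa, name_b, sb))
    return hits

def matching_locations(client_ip, locations):
    """List every location whose IP criteria match the client address."""
    ip = ipaddress.ip_address(client_ip)
    return [name for name, specs in locations.items()
            if any(ip in net for s in specs for net in to_networks(s))]

# Constructed sample: location names follow the thread, ranges are placeholders.
# The new VPN pool was added to "VPN" but left behind in the internal location.
LOCATIONS = {
    "Corporate Internal Network": ["10.10.0.0/16", "10.50.8.0/22"],
    "VPN": ["10.50.8.1-10.50.11.254", "10.60.0.0/24"],
    "Off-Domain": [],
}

if __name__ == "__main__":
    for a, ra, b, rb in find_overlaps(LOCATIONS):
        print(f"AMBIGUOUS: {ra} ({a}) overlaps {rb} ({b})")
    # A VPN-assigned address that satisfies two locations at once
    print(matching_locations("10.50.9.20", LOCATIONS))
```

Any address that `matching_locations` reports under more than one location is a candidate for the connect/disconnect loop described in the first post, because the internal location's no-wireless firewall rule can apply to a client that is actually on VPN over wireless.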