Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Firewall status: "disabled" or "disabled by policy"... strange behaviour

Created: 12 Dec 2012 • Updated: 12 Dec 2012 | 9 comments
diabolicus23's picture

SEP 12.1 RU2.

 

I've one group where I've withdrawn the firewall policy (component installed but policy withdrawn).

I don't understand why I see, in that group, some clients with the firewall status reported as "disabled by policy" and others reported as "disabled".

All those client rebooted after the installation, they have the correct (and the same) policy serial number, same OS type, they had not SEP before so no old communication settings and so on... simply I don't understand.

Any idea?

 

 

Thanks!

Comments 9 CommentsJump to latest comment

diabolicus23's picture

Hi Ashish and thanks for the link.
Even if the problem reported there is, potentially, a big issue I don't realize why different behaviour for my clients.

I could understand both of them with firewall disabled or enabled for some reason, but different result...? This is my question mark.

 

Thanks

Ajit Jha's picture

Its seems to me like its not Reporting properly,as two kind of Status for a Single Group with same prolicy. You should update the policy once again and check.

Regard's

Ajit Jha

Technical Consultant

ASC & STS

diabolicus23's picture

You mean, the policy update check performed by the clients at their heartbeat interval? Already passed.

If you mean directly from the clients... I surely hope this is not necessary 'cause I can't do that (future vision) on all "strange" clients.

.Brian's picture

Are all clients on the same version of SEP?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

diabolicus23's picture

Absolutely yes.

 

Not only. They're deployed using the same exported setup.

.Brian's picture

Is it possible that on one of the clients someone right clicked the SEP icon and selected "Disable SEP"?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Found it.

If right click on client in SEPM and select disable NTP it will say disable by Policy.

However if you withdraw the policy / disable from client it will just say "Disabled"

diabolicus23's picture

I didn't send the command via console and the user did not disable it via client gui (I control both manager and clients in this phase).

I cannot solve the problem itself so I've avoided it.

I've reintroduced the firewall policy to the group with a top rule saying "allow-any-any".
The firewall is now reported as "enabled" for every client.

Not a solution, I know, but at least a uniform behavior.