
Firewall status: "disabled" or "disabled by policy"... strange behaviour

Created: 12 Dec 2012 • Updated: 12 Dec 2012 | 9 comments
diabolicus23's picture

SEP 12.1 RU2.

 

I've one group where I've withdrawn the firewall policy (component installed but policy withdrawn).

I don't understand why I see, in that group, some clients with the firewall status reported as "disabled by policy" and others reported as "disabled".

All those clients rebooted after the installation, they have the correct (and the same) policy serial number, same OS type, they did not have SEP before so no old communication settings and so on... I simply don't understand.

Any idea?

 

 

Thanks!


diabolicus23's picture

Hi Ashish and thanks for the link.
Even if the problem reported there is, potentially, a big issue, I don't understand why there is different behaviour across my clients.

I could understand both of them having the firewall disabled or enabled for some reason, but different results...? This is my question.

 

Thanks

Ajit Jha's picture

It seems to me like it's not reporting properly, as there are two kinds of status for a single group with the same policy. You should update the policy once again and check.

Regards,

Ajit Jha

Technical Consultant

ASC & STS

diabolicus23's picture

You mean, the policy update check performed by the clients at their heartbeat interval? Already passed.

If you mean directly from the clients... I surely hope this is not necessary 'cause I can't do that (future vision) on all "strange" clients.

diabolicus23's picture

Absolutely yes.

 

Not only. They're deployed using the same exported setup.

_Brian's picture

Is it possible that on one of the clients someone right clicked the SEP icon and selected "Disable SEP"?

Rafeeq's picture

Found it.

If you right-click on the client in SEPM and select disable NTP, it will say "Disabled by Policy".

However, if you withdraw the policy / disable from the client, it will just say "Disabled".

diabolicus23's picture

I didn't send the command via console and the user did not disable it via client gui (I control both manager and clients in this phase).

I cannot solve the problem itself so I've avoided it.

I've reintroduced the firewall policy to the group with a top rule saying "allow-any-any".
The firewall is now reported as "enabled" for every client.

Not a solution, I know, but at least a uniform behavior.