Using 11.0.5, we have locations set up so that there is a location called roaming to download updates from LiveUpdate and switch on the firewall. It is set up as below:
location 1: Subnet X (default)
location 2: Subnet Y (Repeat for each site)
location 3: Client computer does not connect to the management server
All the locations for the various offices have blank firewall policies and the roaming policy basically allows all out and none in.
The problem is, some of our clients are switching to the roaming location while the PCs are still on the same subnet. It appears to be when users are away from their PCs, so apart from some applications going offline, it's no major concern, but it is producing a heap of useless logs that I'd rather not have rules for.
Here are 2 examples of a block that occurred when it shouldn't have:
24/02/2010 9:40:27 AM Blocked 5 Incoming ETHERNET [type=0x8808] 0.0.0.0 01-80-C2-00-00-01 0 0.0.0.0 01-80-C2-00-00-01 0 user1 domain Roaming 1 24/02/2010 9:40:16 AM 24/02/2010 9:40:16 AM Block all other traffic
24/02/2010 10:48:53 Blocked 5 Incoming UDP Swyxserv.domain [10.23.1.3] DC-3D-20-00-01-00 0 10.23.18.61 00-05-9A-3C-78-00 0 user2 domain Roaming 11 24/02/2010 10:47:51 24/02/2010 10:48:22 Block all other traffic
I was under the impression that it would only go to the roaming group if the IP wasn't in one of the locations in the above groups and it couldn't connect to the SEPM servers, or is this incorrect?
The only thing I can think of would be to change the last rule so that it also says not included in each subnet and list them all.
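
To measure how often this happens, the following added example (not part of the original post) scans exported traffic log lines for blocks logged under the Roaming location while the client's local address was inside an office subnet. The column layout at the end of each line and the `10.23.0.0/16` range are assumptions, since the post does not give the actual subnets; location names are assumed to contain no spaces.

```python
import ipaddress
import re

# Assumption: the real office subnets ("Subnet X", "Subnet Y") are not given
# in the post; this constructed range merely covers the sample addresses.
OFFICE_SUBNETS = [ipaddress.ip_network("10.23.0.0/16")]

# Sample input: the two log lines quoted in the post, embedded for offline use.
SAMPLE_LOG = """\
24/02/2010 9:40:27 AM Blocked 5 Incoming ETHERNET [type=0x8808] 0.0.0.0 01-80-C2-00-00-01 0 0.0.0.0 01-80-C2-00-00-01 0 user1 domain Roaming 1 24/02/2010 9:40:16 AM 24/02/2010 9:40:16 AM Block all other traffic
24/02/2010 10:48:53 Blocked 5 Incoming UDP Swyxserv.domain [10.23.1.3] DC-3D-20-00-01-00 0 10.23.18.61 00-05-9A-3C-78-00 0 user2 domain Roaming 11 24/02/2010 10:47:51 24/02/2010 10:48:22 Block all other traffic
"""

# Assumed layout of the tail of each line:
# local IP, local MAC, local port, user, domain, location, count, begin date
TAIL = re.compile(
    r"(?P<local_ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2} \d+ "
    r"(?P<user>\S+) (?P<domain>\S+) (?P<location>\S+) "
    r"(?P<count>\d+) \d{2}/\d{2}/\d{4}"
)


def misplaced_roaming_blocks(log_text, location="Roaming"):
    """Return (user, local_ip, count) for blocks logged in `location`
    while the client's local address was inside an office subnet."""
    hits = []
    for line in log_text.splitlines():
        m = TAIL.search(line)
        if not m or m["location"] != location:
            continue
        ip = ipaddress.ip_address(m["local_ip"])
        if ip.is_unspecified:
            continue  # non-IP frame (the ETHERNET entry): no address to test
        if any(ip in net for net in OFFICE_SUBNETS):
            hits.append((m["user"], str(ip), int(m["count"])))
    return hits


if __name__ == "__main__":
    for user, ip, count in misplaced_roaming_blocks(SAMPLE_LOG):
        print(f"{user}: {count} block(s) in Roaming while on {ip}")
```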