Jump to content

Endpoint Security & Firewall problem


Recommended Posts

We are facing a problem with one of our endpoints.

The latest versions of Endpoint Security and Agent are installed, same policies and right like every other computer on the network

but the firewall keeps blocking the connectivity with the entire network for some reason.

I tried to put the firewall of the workstation on learning mode but it fails to create rules and when I go to unblock "recently blocked applications and devices" I keep getting "unblock error"

Can you suggest me any solution or I should call the techincal support?

 

Thanks in advance!

eset_error.JPG

eset_error_2.JPG

eset_error_unblock.JPG

Link to post
Share on other sites
  • Administrators

Does temporarily pausing the firewall actually resolve the issue?

Please carry on as follows:
- enable advanced network protection logging in the adv. setup -> tools -> diagnostics
- reboot the machine
- reproduce the issue
- stop logging
- collect logs with ESET Log Collector and upload the generated archive here.

Link to post
Share on other sites
  • ESET Staff

Maybe, just maybe, are there any rules set for a Firewall by a policy? As in this case, the entire "FW rules list" is set to "read only" and the local client can´t create a new rule. You will have to configure the policy setting in a way, that you will allow merging of the policy based list, and the local list. But that is just a hint. 

endpoint fw.jpg

Link to post
Share on other sites
  • Administrators

According to the configuration, V...A.local network is recognized if the DHCP server address is 192.168.0.5. However, according to ipconfig the address of the DHCP server is 10.20.1.1.

In the Known networks setup change these options:

image.png

image.png

Link to post
Share on other sites

In regards to IP address 10. 20.1.1, are any of these domain names: catsa-concretos.com, dc-corporativo.catsa-concretos.com, mupl-dc2.mupl.muprivate.edu.au and s1.azdata.net.  familiar to you?

Note that IP address range of 10.0.0.0/8 relate to NAC RADB TESTING. Ref.: https://ipinfo.io/AS65534

 

Link to post
Share on other sites

@itman The subnet mask is not /8 and we don't face any other network problem just this particular computer!

@Marcos I changed the policy settings that you mentioned but nothing changed

1. I configured the DHCP/DNS settings with the correct IP addresses, didn't work. 

2. I disabled the DNS/DHCP settings. Nothing changed!

I  ended up creating another policy with learning mode setting only and assigned only this new policy to the computer and the unblocking of the previously blocked communications worked but just that.

It doesn't work as in true learning mode with rules creating instantly etc...

I also applied the first policy and I don't see it as "applied policy" like it is stuck or something.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...