Playmobit 0 Posted December 3, 2020 Share Posted December 3, 2020 We are facing a problem with one of our endpoints. The latest versions of Endpoint Security and Agent are installed, same policies and right like every other computer on the network but the firewall keeps blocking the connectivity with the entire network for some reason. I tried to put the firewall of the workstation on learning mode but it fails to create rules and when I go to unblock "recently blocked applications and devices" I keep getting "unblock error" Can you suggest me any solution or I should call the techincal support? Thanks in advance! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted December 3, 2020 Administrators Share Posted December 3, 2020 Does temporarily pausing the firewall actually resolve the issue? Please carry on as follows: - enable advanced network protection logging in the adv. setup -> tools -> diagnostics - reboot the machine - reproduce the issue - stop logging - collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted December 4, 2020 ESET Staff Share Posted December 4, 2020 Maybe, just maybe, are there any rules set for a Firewall by a policy? As in this case, the entire "FW rules list" is set to "read only" and the local client can´t create a new rule. You will have to configure the policy setting in a way, that you will allow merging of the policy based list, and the local list. But that is just a hint. Link to comment Share on other sites More sharing options...
Playmobit 0 Posted December 5, 2020 Author Share Posted December 5, 2020 @Marcos Here you are! I uploaded the generated zip file to OneDrive. https://1drv.ms/u/s!AmMMfeAKQqzOlmE6L_BrRZQ6Ft4Z?e=FaRPul Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted December 5, 2020 Administrators Share Posted December 5, 2020 According to the configuration, V...A.local network is recognized if the DHCP server address is 192.168.0.5. However, according to ipconfig the address of the DHCP server is 10.20.1.1. In the Known networks setup change these options: Link to comment Share on other sites More sharing options...
itman 1,742 Posted December 5, 2020 Share Posted December 5, 2020 In regards to IP address 10. 20.1.1, are any of these domain names: catsa-concretos.com, dc-corporativo.catsa-concretos.com, mupl-dc2.mupl.muprivate.edu.au and s1.azdata.net. familiar to you? Note that IP address range of 10.0.0.0/8 relate to NAC RADB TESTING. Ref.: https://ipinfo.io/AS65534 Link to comment Share on other sites More sharing options...
Playmobit 0 Posted December 5, 2020 Author Share Posted December 5, 2020 @itman The subnet mask is not /8 and we don't face any other network problem just this particular computer! @Marcos I changed the policy settings that you mentioned but nothing changed 1. I configured the DHCP/DNS settings with the correct IP addresses, didn't work. 2. I disabled the DNS/DHCP settings. Nothing changed! I ended up creating another policy with learning mode setting only and assigned only this new policy to the computer and the unblocking of the previously blocked communications worked but just that. It doesn't work as in true learning mode with rules creating instantly etc... I also applied the first policy and I don't see it as "applied policy" like it is stuck or something. Link to comment Share on other sites More sharing options...
Recommended Posts