https://community.cisco.com/t5/network-access-control/remediation-issue/m-p/3429027#M509947 <HTML><HEAD></HEAD><BODY><P>I am sorry to say but this one is different as the other one is about making sure that firewall is turned on for all three profiles, where as this one is more about the two remediation not working at the same time.</P><P></P><P>As mentioned earlier I can achieve the below without any issues:</P><P></P><P>1) For domain profile I can enable the windows firewall using remediation (if "windows firewall" service is up and running)</P><P>2) I can start&nbsp; the "windows firewall" service&nbsp; using remediation( if all three profile are configured with firewall enabled option).</P><P></P><P>HOWEVER I cannot get both working at same time i.e.</P><P></P><P>3) If firewall is disabled for domain profile and windows firewall service is not running, the remediation does not start and at remediation timer expiry I am categorized as NON-COMPIANT</P><P></P><P>Is there something we can do about this. I mean some timer or some retries or some delay for the profile firewall remediation to kick in after the services are enabled.</P><P></P><P>Looking for some guidance there, if someone have seen it working in lab/ customer environment.</P></BODY></HTML> Wed, 16 May 2018 02:04:38 GMT rajatsha 2018-05-16T02:04:38Z https://community.cisco.com/t5/network-access-control/remediation-issue/m-p/3429025#M509945 <HTML><HEAD></HEAD><BODY><P>Hello Experts,</P><P></P><P>I am trying to check for two things during posture:</P><P></P><P>1) If the Widows firewall service is running or not. (created the condition and launch program remediation&nbsp; and it works fine)</P><P>2) To make sure that the Windows firewall is turned ON. (It is currently working for Domain and not&nbsp; for other two profile, but I have raised a separate thread for that)</P><P></P><P>CURRENT ISSUE:</P><P></P><P>When windows FW is turned off for Domain and I disable the service and then unplug and replug the laptop,&nbsp; the posture fails as both of these are not getting triggered at the same time. If I enable the domain firewall and then disable the widows firewall service it come back fine. Similarly if I just switch off the firewall for domain it comes back fine.</P><P></P><P>but somehow both are not coming back at the same time.</P><P></P><P>Please suggest what I am missing or how can we get this working with ISE posture in stealth mode.</P><P></P><P>REgards,</P><P>Rajat Sharma</P></BODY></HTML> Tue, 15 May 2018 06:17:25 GMT https://community.cisco.com/t5/network-access-control/remediation-issue/m-p/3429025#M509945 rajatsha 2018-05-15T06:17:25Z https://community.cisco.com/t5/network-access-control/remediation-issue/m-p/3429026#M509946 <HTML><HEAD></HEAD><BODY><P>This question appears to be a duplicate from your previous post here: <A href="https://community.cisco.com/thread/91807">Firewall is not getting turned on for Private (standard) and Public profiles</A></P></BODY></HTML> Tue, 15 May 2018 12:05:47 GMT https://community.cisco.com/t5/network-access-control/remediation-issue/m-p/3429026#M509946 Craig Hyps 2018-05-15T12:05:47Z https://community.cisco.com/t5/network-access-control/remediation-issue/m-p/3429027#M509947 <HTML><HEAD></HEAD><BODY><P>I am sorry to say but this one is different as the other one is about making sure that firewall is turned on for all three profiles, where as this one is more about the two remediation not working at the same time.</P><P></P><P>As mentioned earlier I can achieve the below without any issues:</P><P></P><P>1) For domain profile I can enable the windows firewall using remediation (if "windows firewall" service is up and running)</P><P>2) I can start&nbsp; the "windows firewall" service&nbsp; using remediation( if all three profile are configured with firewall enabled option).</P><P></P><P>HOWEVER I cannot get both working at same time i.e.</P><P></P><P>3) If firewall is disabled for domain profile and windows firewall service is not running, the remediation does not start and at remediation timer expiry I am categorized as NON-COMPIANT</P><P></P><P>Is there something we can do about this. I mean some timer or some retries or some delay for the profile firewall remediation to kick in after the services are enabled.</P><P></P><P>Looking for some guidance there, if someone have seen it working in lab/ customer environment.</P></BODY></HTML> Wed, 16 May 2018 02:04:38 GMT https://community.cisco.com/t5/network-access-control/remediation-issue/m-p/3429027#M509947 rajatsha 2018-05-16T02:04:38Z