Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3610
Views
15
Helpful
6
Replies

Non Compliant PC but fw enabled

kostasthedelegate
Level 4
Level 4

‎02-25-2021 07:28 AM

Hello, 

 

I have a pc that fails posture. 

The condition it fails is firewall. 

Mandatory
Failed
fw_enabled_v4_fw_ANY_ANY_ANY

 

On the pc though the fw is open

 

FWEnabled1.png

 

From the DART I see errors like that

 

2021/02/25 15:50:57 [Error] aciseagent Function: GetCurrentUserName Thread Id: 0xE10 File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\libcommoncpp\impersonateuser.cpp Line: 34 Level: error  Failed to find an active session.. 
2021/02/25 15:50:57 [Error] aciseagent Function: GetCurrentUserName Thread Id: 0xE10 File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\libcommoncpp\impersonateuser.cpp Line: 37 Level: error  Failed to find session after enumerating each session.. 
2021/02/25 15:50:57 [Warning] aciseagent Function: SwiftHttpRunner::timer_callback Thread Id: 0xE10 File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\libswift\swifthttprunner.cpp Line: 337 Level: warn  Failed to obtain loggedIn user info, aborting discovery.. 
2021/02/25 16:15:29 [Error] nacapi Function: CNacApiShim::StatusNotification Thread Id: 0x146C File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\nacshim\nacshim.cpp Line: 232 Level: error StatusNotification invalid state. 
2021/02/25 16:15:29 [Error] nacapi Function: CNacApiShim::StatusNotification Thread Id: 0x146C File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\nacshim\nacshim.cpp Line: 232 Level: error StatusNotification invalid state. 
2021/02/25 16:15:29 [Error] nacapi Function: CNacApiShim::StatusNotification Thread Id: 0x146C File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\nacshim\nacshim.cpp Line: 232 Level: error StatusNotification invalid state. 
2021/02/25 16:15:29 [Error] nacapi Function: CNacApiShim::StatusNotification Thread Id: 0x146C File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\nacshim\nacshim.cpp Line: 232 Level: error StatusNotification invalid state. 
2021/02/25 16:36:37 [Error] nacapi Function: IpcWrap::_recv Thread Id: 0x146C File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\nacshim\ipcwrap.cpp Line: 106 Level: error Failed to read packet length: -6 - Connection Aborted. 
2021/02/25 16:36:37 [Error] nacapi Function: IpcWrap::_recvThread Thread Id: 0x146C File: c:\temp\build\thehoff\negasonic_mr30.550195061902\negasonic_mr3\posture\ise\nacshim\ipcwrap.cpp Line: 342 Level: error _recv returned: -6 - Connection Aborted.

What might be wrong?

 

Thanks and regards, 

Konstantinos

Labels:
Preview file
1560 KB
0 Helpful
6 Replies 6

Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-25-2021 07:37 AM

In my experience those conditions can be tricky.  Are you simply trying to ensure that clients have a local firewall enabled and running? If so, my suggestion would be to identify the target service within services and create a service condition.  For example, here is a service condition that checks to ensure McAfee HIPS is running:

svc_cond.PNG

 

HTH!

0 Helpful

kostasthedelegate
Level 4
Level 4
In response to Mike.Cifelli

‎02-26-2021 04:45 AM

Hello, 

 

Actually the condition is working fine for the rest of the PCs, but there is this one that while the fw is enabled ISE show that the condition is not met.

0 Helpful

Mike.Cifelli
VIP Alumni
VIP Alumni

‎02-26-2021 10:02 AM

Are all of the module versions and configuration the same across the board? Have you attempted to uninstall/reinstall on the troubled client?

kostasthedelegate
Level 4
Level 4

‎02-28-2021 10:11 PM

Hello Mike, 

 

The uninstall/reinstall did not change the result.

This machine is Windows 8 the others are windows 10

Mike.Cifelli
VIP Alumni
VIP Alumni

‎03-01-2021 11:47 AM

Are you running the same AC module & compliance module versions on both the Win10 & Win8 clients? For the Win8 would it be possible to utilize another check that would meet the firewall check requirement? IMO you have other options.  However, your best bet may be to generate a DART bundle and engage with TAC.

0 Helpful

kostasthedelegate
Level 4
Level 4

‎03-01-2021 10:11 PM

Hello, 

 

The modules are the same. 

I will look into the different version of the rule. 

I have uploaded the DART and the errors from AnyConnect_ISEPosture.txt, but i do not recognize if they are relevant.

Customers Also Viewed These Support Documents