Remediation Issue

rajatsha
Cisco Employee

Hello Experts,

I am trying to check for two things during posture:

1) If the Windows firewall service is running or not. (Created the condition and launch program remediation and it works fine.)

2) To make sure that the Windows firewall is turned ON. (It is currently working for Domain and not for the other two profiles, but I have raised a separate thread for that.)

CURRENT ISSUE:

When Windows FW is turned off for Domain and I disable the service and then unplug and replug the laptop, the posture fails as both of these are not getting triggered at the same time. If I enable the domain firewall and then disable the Windows firewall service, it comes back fine. Similarly, if I just switch off the firewall for domain, it comes back fine.

But somehow both are not coming back at the same time.

Please suggest what I am missing or how can we get this working with ISE posture in stealth mode.

Regards,

Rajat Sharma

2 Replies

Craig Hyps
Level 10

This question appears to be a duplicate from your previous post here: Firewall is not getting turned on for Private (standard) and Public profiles

I am sorry to say but this one is different, as the other one is about making sure that the firewall is turned on for all three profiles, whereas this one is more about the two remediations not working at the same time.

As mentioned earlier I can achieve the below without any issues:

1) For the domain profile I can enable the Windows firewall using remediation (if the "windows firewall" service is up and running).

2) I can start the "windows firewall" service using remediation (if all three profiles are configured with the firewall enabled option).

HOWEVER I cannot get both working at same time i.e.

3) If the firewall is disabled for the domain profile and the Windows firewall service is not running, the remediation does not start and at remediation timer expiry I am categorized as NON-COMPLIANT.

Is there something we can do about this? I mean some timer or some retries or some delay for the profile firewall remediation to kick in after the services are enabled.

Looking for some guidance there, if someone has seen it working in a lab/customer environment.