cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
624
Views
2
Helpful
2
Replies

Remediation Issue

rajatsha
Cisco Employee
Cisco Employee

Hello Experts,

I am trying to check for two things during posture:

1) If the Widows firewall service is running or not. (created the condition and launch program remediation  and it works fine)

2) To make sure that the Windows firewall is turned ON. (It is currently working for Domain and not  for other two profile, but I have raised a separate thread for that)

CURRENT ISSUE:

When windows FW is turned off for Domain and I disable the service and then unplug and replug the laptop,  the posture fails as both of these are not getting triggered at the same time. If I enable the domain firewall and then disable the widows firewall service it come back fine. Similarly if I just switch off the firewall for domain it comes back fine.

but somehow both are not coming back at the same time.

Please suggest what I am missing or how can we get this working with ISE posture in stealth mode.

REgards,

Rajat Sharma

2 Replies 2

Craig Hyps
Level 10
Level 10

This question appears to be a duplicate from your previous post here: Firewall is not getting turned on for Private (standard) and Public profiles

I am sorry to say but this one is different as the other one is about making sure that firewall is turned on for all three profiles, where as this one is more about the two remediation not working at the same time.

As mentioned earlier I can achieve the below without any issues:

1) For domain profile I can enable the windows firewall using remediation (if "windows firewall" service is up and running)

2) I can start  the "windows firewall" service  using remediation( if all three profile are configured with firewall enabled option).

HOWEVER I cannot get both working at same time i.e.

3) If firewall is disabled for domain profile and windows firewall service is not running, the remediation does not start and at remediation timer expiry I am categorized as NON-COMPIANT

Is there something we can do about this. I mean some timer or some retries or some delay for the profile firewall remediation to kick in after the services are enabled.

Looking for some guidance there, if someone have seen it working in lab/ customer environment.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: