Firewall is not getting turned on for Private (standard) and Public profiles

rajatsha
Cisco Employee

Hello Experts,

I am facing this strange issue. I have configured the "firewall condition" to check for Vendor = Microsoft and Windows Firewall "ANY", and a similar setting for remediation under "Firewall remediation".

The above setting works fine for the DOMAIN profile; however, the other two profiles, i.e. Private and Public, still show Windows Firewall as turned off.

I have also tried creating three different firewall "registry conditions", one for each of the three profiles, where we check the registry key to make sure it is set to 1 for all three. However, as we don't have any "registry remediation", I am using the firewall remediation (the one defined above).

In both cases I get the same behavior, i.e. the firewall is turned ON for DOMAIN but stays turned OFF for the PRIVATE and PUBLIC profiles.

How can I get all three turned on in one go? (This is a posture compliance requirement that the customer wants to implement in their network.)

Regards,

Rajat Sharma


Craig Hyps
Level 10

You can try a launch program remediation where it runs a regedit script to enable the desired registry key values.

I tried creating a .reg file but found a few issues with that:

1) The file gives the user a prompt asking whether we want to install it (maybe this is not a big thing, as it may vanish with some /q option).

2) This requires administrator privileges to run.

3) The Windows Firewall screen still shows the firewall turned OFF unless we restart the "Windows Firewall" service from services.msc.

Lastly, we will have to do this in two steps: with one check we will have to copy the file from ISE to the local machine (as remediation), and with a second check we will have to run the local file using "Launch program remediation".

Do we have some easy way to achieve this, i.e. to enable Windows Firewall for all three profiles? I am sure I am not the first person asking this.

Rajat

thomas
Cisco Employee

Does this work for you?

https://supportforums.cisco.com/t5/aaa-identity-and-nac/cisco-ise-to-check-windows-firewall-is-enabled-or-not-in-posture…

You don't state the fully qualified registry key. Is it

HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

I don't know what the implications are of the 3 different profile types.

Perhaps they each have different registry keys for the same effective setting?

Hi Thomas,

Sorry if I have not mentioned it: in the posture conditions we are checking for three registry entries, one for each firewall profile; however, for fixing it we are using "firewall remediation", which doesn't specify any profile and stays generic.

The other option for remediation is to use a script to enable the firewall for all the profiles; however, there are two issues with that. First, we need admin privileges for that, and second, we have to restart the Windows Firewall service to kick in the change, otherwise the firewall tab still shows RED for all three profiles.

Best Regards,

Rajat Sharma

I believe admin privilege is required to turn Windows Firewall ON/OFF. This command should turn on the firewall for all profiles:

netsh advfirewall set allprofiles state on
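As an added example (not from any poster in this thread), the following PowerShell script ties together the two approaches discussed above: it reads the per-profile `EnableFirewall` registry values that a registry posture condition would check, and, if any profile is off, enables all three through the firewall API rather than by writing the registry directly, so no service restart is needed for the change to take effect. The thread names only the `StandardProfile` key; the `DomainProfile` and `PublicProfile` key names, the `EnableFirewall` value name and the `Set-NetFirewallProfile` cmdlet (Windows 8 / Server 2012 and later) are assumptions of this example.

```powershell
# Added example, not part of the original thread.
# Assumption: the three per-profile keys under FirewallPolicy; the thread only names
# StandardProfile, which is the Private profile in the Windows Firewall UI.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$profiles = [ordered]@{
    Domain  = 'DomainProfile'
    Private = 'StandardProfile'
    Public  = 'PublicProfile'
}

function Get-FirewallProfileState {
    # One object per profile: EnableFirewall is 1 (on), 0 (off) or $null (value missing).
    foreach ($name in $profiles.Keys) {
        $key   = Join-Path $base $profiles[$name]
        $value = (Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
        [pscustomobject]@{
            Profile        = $name
            RegistryKey    = $key
            EnableFirewall = $value
            Compliant      = ($value -eq 1)
        }
    }
}

function Enable-AllFirewallProfiles {
    # Enabling the firewall needs an elevated session, as noted in the thread; fail early otherwise.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Enabling firewall profiles requires administrator privileges.'
    }

    if (Get-Command Set-NetFirewallProfile -ErrorAction SilentlyContinue) {
        # NetSecurity module (Windows 8 / Server 2012 and later): all three profiles in one call.
        Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True
    } else {
        # Fallback for older systems: the same netsh command quoted in the thread.
        netsh advfirewall set allprofiles state on | Out-Null
    }
}

# Check first, remediate only if some profile is non-compliant, then re-check.
$before = Get-FirewallProfileState
$before | Format-Table -AutoSize

if ($before | Where-Object { -not $_.Compliant }) {
    Enable-AllFirewallProfiles
    Get-FirewallProfileState | Format-Table -AutoSize
}
```

Both `Set-NetFirewallProfile` and `netsh advfirewall` go through the Windows Firewall service, which is why the UI reflects the change immediately, unlike a .reg import that only rewrites the stored value. If the profiles are controlled by Group Policy, the effective setting lives under the policy hive (`HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall`) and a local change is overridden at the next policy refresh, so a posture condition should check the key the environment actually enforces.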

imbashir
Cisco Employee

Hi Rajat, the remediation will work for the currently connected firewall profile.

E.g. in my setup, the connected interface is marked as Public and ISE was able to automatically remediate (turn the firewall ON) for that interface.

In your setup, what interface is the firewall mapped to?

Thanks

Imran

Thank you for your email.

I guess you nailed it. I am seeing similar behaviour. If I connect to the domain profile (using a domain machine), the domain firewall gets switched ON. The same thing happens when I connect to a public network.

But my question still stands: is there a way to enable all three in one go? (Obviously we know that we will be connected to only one profile at the moment, but this is more from the customer's point of view, as they want to see all green, i.e. firewall ON for all three, instead of seeing one green and two RED marks on the screen when we look.)

I will appreciate it if you can suggest anything moving forward.

Best Regards,

Rajat