Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 3754 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall disabling all network adapters

jon797w

Not sure if anyone else has seen this issue but we have seen an increase in this occuring since upgrading to firewall v2.7.0

Basically what happens is that the laptop can be working fine, and then on next reboot all network access is disabled, stop the Firewall Service and all networking comes back.

We then have to remove the Firewall component and redeploy it from the console in order to solve the problem.

:18813


This thread was automatically locked due to age.
  • 0

    Hello jon797w,

    so you say that the issue was also present with 2.5? By all network access is disabled do you mean that the adapters are disabled or that SCF blocks all connection attempts? Does the client report any status to SEC after reboot? Any errors/warnings in the SCF, AutoUpdate or Event logs? Does this happen more than once on the same computer?

    Christian

    :18827
  • 0

    Hi Christian

    Thanks for the reply, we did see this on the odd occassion with 2.5, but since going to 2.7 we are getting a couple of instances a week, it does very often occur on the same machine more than once.

    It physically disables the adapters, doesn't seem limited to one OS, seen it happen on XP, Vista and 7.

    The only error that seems to get reported is error 67, Failed to install Sophos Client Firewall; The MSI has failed

    Seems that when an update is happening the FW component is failing but I can't see why

    :18849
  • 0

    ... failing but I can't see why

    That's what the logs are for :smileywink:.

    Seriously - the first question is why is it installing at all. Usually SCF is only installed for an upgrade (like going from 2.5 to 2.7) and not during normal updates. Guess whatever is causing the (re-)install attempt also leads to the installer error. We then have to remove the Firewall component and redeploy it from the console I get it the uninstall succeeds but more important - redeployment fails without an uninstall first. Is this correct?

    Now the alc.log should show when the install is attempted and the corresponding ALUpdate...  logs will have some details. Do all clients update from the same CID all the time?

    Christian

    :18857
  • 0

    Thanks for that, I have asked the guys to collect the logs next time it happens

    Redeploying without first removing the firewall results in a failed deployment.

    There are 15 update managers, we do use a DFS share name to try and stop them going all over the network looking for there home update manager, don't suppose we need this now as roaming is now part of v9.7; just never got around to removing it

    :18869
  • 0

    Looks like the clients see a "changed" CID a attempt a more or less full install instead of just an update. Well, the logs will tell that.

    Christian

    :18871