
Endpoint Protection Firewall inconsistent behaviour

Hi,

I have just imaged and deployed 100+ notebooks with Windows 7 Ent. I then used the Enterprise console to push out Sophos and my policies, in particular a firewall policy.

All endpoints show as 'same as policy' for the firewall policy, but they don't all behave the same. I have attempted to force policy compliance using the option to do so within the Enterprise console, but this has made no difference.

The affected devices have all been restarted many times.

This is causing havoc due to the inconsistent device behavior, as you can imagine.

Any ideas? 
 

Thank you

Regards
Peter

  • Hello Peter,

    Any ideas?

    Perhaps - if you could describe the inconsistent device behavior with a little bit more detail. If the devices assert that they comply then one can assume that the same policy is in effect on all of them.

    Christian

  • Hi Christian,

    The inconsistent behaviour includes:

    - Issue 1: most users being able to print whilst others cannot. The user needs to enter a code for the printer to accept the job. Those that cannot print get a message from the driver indicating that their credentials cannot be verified. All users received this message until the policy was altered last week. Now only around 20 users receive this message.

    - Issue 2: Some users are unable to utilise an add-in for Microsoft Office which enables editing of a file in our document management system. Once again this was resolved last week with a policy change and pushed out with 'comply with - all policies'. Issue fixed for most but not all. Same people affected as issue 1.

    The same users are affected by both issues. All notebooks are imaged and the users are in the same AD OUs with the same group memberships and applied GPO. For testing purposes, if the firewall is set to Allow all traffic the issues don't arise.

    Any ideas?

    Thank you
    Regards
    Peter

  • Hello Peter,

    I assume by people/users you mean computers, as policies apply to endpoints, not the logged-on user. SCF logs its blocking actions and by default sends them to the console where they can be viewed with the Event Viewer.

    I don't think it's inconsistent - at least it looks deterministic. Everything seemingly identical, the network connection is a prime suspect. You say you had to amend the policy as it didn't work at all at first - what if this change missed a subtle piece? But as said, the logs should give some insight.

    Christian
