The basics:
- Enterprise Console 4.7.0.13 running on Windows Server 2008 R2 Standard.
- Sophos ESC 4.7.
- Clients are Windows XP SP2/3, and some Windows 7 Enterprise.
- All computers are members of a Windows 2008 domain.
- Sophos is installed by a script which determines if the PC is a laptop or a desktop. Laptops have the firewall installed; desktops don't.
- The entire Computers OU is synced into Enterprise Console. All computers are in sub-OUs which are organised by site, then building, then floor, and finally room. Each of these OUs has the appropriate policies set on it.
Basically, the issue is Sophos is pushed onto the machines as expected. They appear in Enterprise Console (within 10 minutes, when the sync happens) and all is well. However, 9 out of 10 times they don't apply any policies. This is most troubling on the notebooks because the firewall is set to the following:
- Primary Location: Disable firewall (detected via DNS; doing it via MAC is no good for us, as we've got SO many default gateways it's unreal).
- Secondary Location: Enable firewall. Allow all out-going traffic. Block all incoming.
The end result is that a machine which is a domain member, and doesn't apply its firewall policies, won't log in. Or it will (using cached credentials), but the login scripts don't run, and then hardly anything runs as expected.
So, the obvious thing is to jump into Enterprise Console and apply the policy. Having done that, it'll all work fine. For a while. Then it'll randomly 'forget' the policy, and you're back to square one. Case in point, we had a notebook which exhibited this issue, so I applied the policies and all was well. The user used it, shut it down, and didn't move it. He came back the next day, and 'lo, the policy was gone. For some applying once works, for others, it needs pushing every so often.
Firstly, can anybody suggest anything I should (or shouldn't) be doing here? Are there some best practices for deploying policies, perhaps? Or is it possible to hard-wire the policies into the CIDs, as used to be possible in the past, so at least it has a 'workable' policy out of the box? I just want these policies to stick!
This is causing us quite a few problems, and some users are getting savvy and just disabling the firewall outright, which is not a good idea!
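The post mentions an installation script that decides whether a PC is a laptop or a desktop before installing the firewall component. The script below is an added example of one way to make that decision, not the poster's script: it reads the SMBIOS chassis type from Win32_SystemEnclosure and falls back to the presence of a battery, which catches docked laptops that report a desktop-style chassis. The function names and the installer paths are placeholders of my own.

```powershell
# Added example: classify a Windows machine as Laptop or Desktop for an install script.
# Assumes PowerShell with WMI access. Function names and installer paths are placeholders.

function Get-ChassisClass {
    param(
        [int[]]$ChassisTypes,   # values from Win32_SystemEnclosure.ChassisTypes
        [bool]$HasBattery       # $true if Win32_Battery returned an instance
    )
    # SMBIOS chassis type codes for portable systems:
    # 8 Portable, 9 Laptop, 10 Notebook, 14 Sub Notebook, 30 Tablet, 31 Convertible, 32 Detachable
    $portableTypes = 8, 9, 10, 14, 30, 31, 32
    foreach ($t in $ChassisTypes) {
        if ($portableTypes -contains $t) { return 'Laptop' }
    }
    # A docked laptop may report a desktop chassis (e.g. 3 Desktop or 13 All in One);
    # a battery is a reliable tie-breaker in that case.
    if ($HasBattery) { return 'Laptop' }
    return 'Desktop'
}

function Get-LocalChassisClass {
    $enclosure = Get-WmiObject -Class Win32_SystemEnclosure
    $battery   = Get-WmiObject -Class Win32_Battery
    Get-ChassisClass -ChassisTypes @($enclosure.ChassisTypes) -HasBattery ($null -ne $battery)
}

# Usage: pick the installer command for this machine class.
# The paths below are placeholders; substitute the CID share and options used at your site.
$class = Get-LocalChassisClass
switch ($class) {
    'Laptop'  { Write-Output "Laptop detected: install with firewall component (placeholder command)" }
    'Desktop' { Write-Output "Desktop detected: install without firewall component (placeholder command)" }
}
```

Because the classification is separated from the WMI lookups, the rule can be checked on known chassis values (for example `Get-ChassisClass -ChassisTypes 3 -HasBattery $true` returns Laptop) without running it on each hardware model, and a machine that is misclassified can be traced to either its reported chassis type or a missing battery instance.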
This thread was automatically locked due to age.