
Client Firewall active location detection failing

Hello,

I'm having problems getting the Client Firewall (from Endpoint Security & Control 9) to recognize the primary location. No matter how I specify this, my laptop clients always believe they are on the Primary Location, even when the user leaves the office and uses the systems at home.

We have a fairly large WAN connected by leased lines and all served by an Active Directory DNS service. On every site our DNS refers back to the server we use to distribute our Sophos Policies. That system does not have a public IP address as it is hidden behind our firewall.

In the central configuration policy for the Firewall I am setting the Location detection by DNS. My belief is that the FQDN and IP address combination I have entered is always correct when my clients are within our network and will fail to resolve when they are on foreign networks (like their own broadband connections). I should then be able to configure the firewall to behave differently depending upon it finding the primary location or not.

Now I'm probably doing something wrong here, but no matter how I specify the policy server's IP address, my firewall clients are always showing that the active location is the Primary location, even when used outside the bounds of our LAN/WAN.

I have made various tests to confirm that the DNS resolution is not the cause of this and this always seems to be fine.

Has anybody else seen this behavior, or can you suggest what I may be doing wrong?

Is there a comprehensive Firewall Configuration guide available? I haven't been able to locate one as yet.

Many thanks in advance,

Paul

  • Hello Christian,

    Thanks for your continued interest in my issue.

    I have one of the offending laptops in front of me. I am out of the office, and so have no DNS that will resolve the host that we are using as the trigger system.

    If I log on to the laptop, without any network cable plugged in and without a valid wireless connection, and start Endpoint Security and Control, the status says that the firewall is enabled and the active location is the primary location. If I issue an IPCONFIG command on that system I am told that both my network adapters (wired/wireless) are disconnected. If I try to resolve the hostname of our system in NSLOOKUP all I get is a time out.

    The Firewall log shows two entries separated by a few seconds:

    17:52:40 Firewall successfully configured (primary location).

    17:52:42 Detected location as secondary.

    This would seem to suggest that the Endpoint console is simply displaying the firewall configuration information incorrectly and that the firewall is working correctly, but in reality because I have no network access, that status is irrelevant.

    I then plug a cable between my broadband router and the laptop. IPCONFIG shows that I now have an IP address, and I am able to surf the internet. When I attempt to resolve the FQDN of the server name in NSLOOKUP I do not get a result, I get non-existent domain. I also cannot get a result when I ping the IP address of the server directly. This should mean that I am still in the secondary location.

    However the firewall log shows the following entry.

    18:00:28 Detected location as primary.

    I think this is wrong as I am still unable to resolve the name of my server, and I am also unable to reach that server.

    If I unplug the cable from the laptop I would expect the Firewall to revert back to the condition it was in prior to my inserting the cable, but it doesn't. Again, I think this is wrong.

    I have waited 10 minutes to see if the status changes back, but it seems as though it's not going to.

    I'll leave it and check it later and report back.

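The decision logic the original post describes (primary location only when the trigger FQDN resolves to the expected internal IP; anything else is secondary) and the revert-on-unplug behaviour the reply expected, written out as an added reference example. This is not Sophos code and is not taken from the thread; the hostname, IP address and resolver stand-ins are constructed placeholders, and the resolver is injected so the check runs offline.

```python
import socket
from typing import Callable, Optional

# Hypothetical trigger host and internal IP (placeholders, not values from the thread).
TRIGGER_FQDN = "policy-server.corp.example"
EXPECTED_IP = "10.0.0.5"

# A resolver returns the answer IP, None for NXDOMAIN, and raises OSError on timeout.
Resolver = Callable[[str], Optional[str]]


def detect_location(adapters_up: bool, resolver: Resolver,
                    fqdn: str = TRIGGER_FQDN, expected_ip: str = EXPECTED_IP) -> str:
    """Return 'primary' only when the FQDN resolves to the expected internal IP.
    Every failure path is 'secondary' (fail closed), so a laptop with no link,
    a foreign resolver, or a differing answer never gets the relaxed office rules."""
    if not adapters_up:
        return "secondary"  # both adapters disconnected: not on the corporate LAN
    try:
        answer = resolver(fqdn)
    except OSError:  # socket.timeout / TimeoutError are OSError subclasses
        return "secondary"  # resolver unreachable or timed out
    if answer is None:
        return "secondary"  # NXDOMAIN, what a broadband resolver gives for an internal name
    if answer != expected_ip:
        return "secondary"  # name resolved, but to the wrong address: treat as untrusted
    return "primary"


class LocationMonitor:
    """Re-evaluates on every link change, so unplugging the cable reverts the
    state and the log records each transition, as the poster expected to see."""
    def __init__(self, resolver: Resolver):
        self.resolver = resolver
        self.location = "secondary"  # start conservative until a check succeeds
        self.log = []

    def on_link_change(self, adapters_up: bool, stamp: str) -> str:
        new = detect_location(adapters_up, self.resolver)
        if new != self.location:
            self.log.append(f"{stamp} Detected location as {new}.")
            self.location = new
        return self.location


# Constructed stand-ins for the office DNS, a home router's DNS, and a dead link.
def office_dns(fqdn): return EXPECTED_IP if fqdn == TRIGGER_FQDN else None
def home_dns(fqdn): return None
def dead_dns(fqdn): raise socket.timeout("no route to resolver")
```

In production the injected resolver would wrap socket.gethostbyname and map socket.gaierror to None; the fake resolvers above reproduce the office, home-broadband and no-link cases from the reply.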