Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 4 subscribers
  • Views 6553 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint Protection / Client Firewall / Location Awareness

CHATAIGNER Christophe

Hello.

Location Awaress is configured to resolve DNS server

It globally works well ("Primary" when connected to LAN, "Secondary" when not).

There is an issue when setting-up a VPN (Pulse Secure in ou case).

It takes 4-5 minutes before the status is changed to “Both location”.

During this time, the VPN is up, the DNS can be resolved, but the Firewall status is still "Secondary". Traffic that should be allowed is blocked.

I have searched knowledge base and found article 114559 but it is not relevant.

Thanks in advance.

Christophe.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Christophe,

    114559 is not relevant
    because it talks of MAC addresses?

    SCF tries to determine the location when there's an adapter change. Long time since I've tested with VPN, it might periodically check whether the VPN adapter is still up and connected to Primary. So perhaps when VPN connects the initial resolve attempt fails for whatever reason, later the re-check succeeds.

    Christian

  • 0 in reply to QC

    Thanks for you reply Christian.

    Article 114559 globally explains that, when you are connected to a home Wi-Fi, the Firewall says “Secondary”, and when you join the office network via VPN, the Firewall says “Both locations”.

    My issue is that it takes several minutes to change form “Secondary” to “Both Locations”. I would like to speed-up the process and I do not know how to do that.

    Regards.

  • 0 in reply to CHATAIGNER Christophe

    Hello Christophe,

    apparently shortly after the VPN adapter is connected the name resolution does not yet return the required address.
    An adapter up-change (i.e. to an enabled/connected state) triggers a location check. If it detects Both reliably after a certain constant interval without a preceding adapter change this suggests a periodic re-check (that is AFAIK not performed when only "physical" adapters are active).
    Hm ...

    Christian

  • 0 in reply to CHATAIGNER Christophe

    Hi Christophe, did you find a solution for this problem. We are running into the same situation with Windows10 and Checkpoint Endpoint VPN 80.80. But on Windows 7  the location awareness detects the state "both locations" within 10-15 seconds, Windows 10 needs 80-90 seconds, strange?

     

    Best regards Frank

  • 0 in reply to frankhecker

    Hi Frank. We have no solution yet for this problem. In our context, having Windows 10 or Windows 7 as Operating System, does not make any difference on Sophos Firewall behavior. Regards. Christophe.

Reply Children
No Data
Unfiltered HTML