
CAG Rule troubleshooting - No writing to FireSvc.log


I am experimenting with CAG rules and I have one set up as connection aware with 2 DNS servers by IP and a DNS suffix.

When I apply the CAG rule to the system, the NIC is isolated. When I remove the DNS suffix from the CAG rule it starts working again.

I am trying to debug this by looking at the FireSvc.log for Calculate Effective Location Policy to see where the issue is. The FireSvc.log hasn't been written to for a month and I'm not sure what's stopping it from writing to the log.

Running

HIPS 8

Epo 4.6.6

Message was edited by: sstretchh on 4/11/14 7:32:16 AM CDT
1 Solution

Accepted Solutions

Re: CAG Rule troubleshooting - No writing to FireSvc.log


Scott,

Through testing I ended up figuring out part of my problem. The DNS suffix has to match in the Advanced TCP/IP settings under DNS Suffix where I have it highlighted in RED. I kept focusing on the DNS suffix and NetBIOS page and adding the DNS suffix there, which is not SAME SAME LOL... I did figure out what causes the requires home network = true, but I lost those notes and don't remember now. I think every time I had the CAG set to check for DNS Suffix it would switch to TRUE.

[Attached screenshots: DNS_suffix1.JPG, DNS_suffix.JPG]

3 Replies

Re: CAG Rule troubleshooting - No writing to FireSvc.log


OK, so I figured out I have to assign a policy that turns FW debugging on.

Under this part of the log, I can't figure out where the value "requires home network = True" comes from. What sets this value?

***** Location Info
Group "Isolation"
  Client id = xxxxxxxxxxxxxxxx
  Requires home network = true
  Hot drop if not match = true
  Is ipv4 = true
  Is ipv6 = true
  Registry key =
  Physical medium = FW_PHYSICAL_MEDIUM_WIRED
  DNS suffix = xxx.xxx
  Gateway = x.x.x.x
  DNS server = x.x.x.x
  DNS server = x.x.x.x
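
An added example, not part of the original thread or of McAfee's tooling: a small Python parser for the Location Info layout shown in the excerpt above, which lists the criteria whose logged values differ from an adapter's settings so a person can review them. The sample log, the adapter dictionary and the function names are constructed for illustration, and the script assumes log lines look exactly like the excerpt.

```python
import re

# Constructed sample in the layout of the excerpt above; every value is a placeholder.
SAMPLE_LOG = """\
***** Location Info
Group "Isolation"
  Requires home network = true
  Hot drop if not match = true
  Registry key =
  Physical medium = FW_PHYSICAL_MEDIUM_WIRED
  DNS suffix = corp.example
  Gateway = 192.0.2.1
  DNS server = 192.0.2.53
  DNS server = 192.0.2.54
"""

# Constructed adapter state (hypothetical): gateway and DNS servers are as expected,
# but no DNS suffix is set on the connection itself.
ADAPTER = {"dns suffix": set(), "gateway": {"192.0.2.1"},
           "dns server": {"192.0.2.53", "192.0.2.54"}}

def parse_location_groups(text):
    """Return {group name: {field: [values]}}. Repeated keys such as 'DNS server'
    accumulate; empty values (e.g. 'Registry key =') are kept as ''."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'Group "(.*)"$', line)
        if m:
            current = groups.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return groups

def diff_criteria(group, adapter):
    """List (field, logged values, adapter values) where the two differ.
    This only reports differences; it does not model how the firewall decides."""
    mismatches = []
    for key in ("dns suffix", "gateway", "dns server"):
        wanted = {v.lower() for v in group.get(key, []) if v}
        have = {v.lower() for v in adapter.get(key, ())}
        if wanted and wanted != have:
            mismatches.append((key, sorted(wanted), sorted(have)))
    return mismatches

if __name__ == "__main__":
    for name, fields in parse_location_groups(SAMPLE_LOG).items():
        print(name, diff_criteria(fields, ADAPTER))
```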


Re: CAG Rule troubleshooting - No writing to FireSvc.log


Sounds like the DNS suffix criteria you are using is incorrect. Why not just use one piece of criteria in the CAG?

