CAG Rule troubleshooting - No writing to FireSvc.log

I am experimenting with CAG rules and I have one set up as connection aware with 2 DNS servers by IP and a DNS suffix.

When I apply the CAG rule to the system, the NIC is isolated. When I remove the DNS suffix from the CAG rule it starts working again.

I am trying to debug this by looking at the FireSvc.log for Calculate Effective Location Policy to see where the issue is. The FireSvc.log hasn't been written to for a month and I'm not sure what's stopping it from writing to the log.

Running HIPS 8 and ePO 4.6.6

Message was edited by: sstretchh on 4/11/14 7:32:16 AM CDT
1 Solution

Accepted Solutions
Re: CAG Rule troubleshooting - No writing to FireSvc.log

Scott,

Through testing I ended up figuring out part of my problem. The DNS suffix has to match in the Advanced TCP/IP settings under DNS Suffix, where I have it highlighted in RED. I kept focusing on the DNS Suffix and NetBIOS page and adding the DNS suffix there, which is not SAME SAME LOL... I did figure out what causes the requires home network = true, but I lost those notes and don't remember now. I think every time I had the CAG set to check for DNS Suffix it would switch to TRUE.

[Attached images: DNS_suffix1.JPG, DNS_suffix.JPG]

3 Replies
Re: CAG Rule troubleshooting - No writing to FireSvc.log

OK, so I figured out I have to assign a policy that turns FW debugging on.

Under this part of the log, I can't figure out where the value "requires home network = True" comes from. What sets this value?

***** Location Info
Group "Isolation"
  Client id = xxxxxxxxxxxxxxxx
  Requires home network = true
  Hot drop if not match = true
  Is ipv4 = true
  Is ipv6 = true
  Registry key =
  Physical medium = FW_PHYSICAL_MEDIUM_WIRED
  DNS suffix = xxx.xxx
  Gateway = x.x.x.x
  DNS server = x.x.x.x
  DNS server = x.x.x.x

Re: CAG Rule troubleshooting - No writing to FireSvc.log

Sounds like the DNS suffix criteria you are using is incorrect. Why not just use one piece of criteria in the CAG?
