ninjaneer68
Level 10

CAG Rule troubleshooting - No writing to FireSvc.log


I am experimenting with CAG rules and I have one set up with connection aware with 2 DNS servers by IP and a DNS Suffix.

When I apply the CAG rule to the system, the NIC is isolated. When I remove the DNS suffix from the CAG rule it starts working again.

I am trying to debug this by looking at the FireSvc.log for Calculate Effective Location Policy to see where the issue is. The FireSvc.log hasn't been written to for a month and I'm not sure what's stopping it from writing to the log.

Running

HIPS 8

Epo 4.6.6

Message was edited by: sstretchh on 4/11/14 7:32:16 AM CDT
0 Kudos
1 Solution

Accepted Solutions
ninjaneer68
Level 10

Re: CAG Rule troubleshooting - No writing to FireSvc.log


Scott,

Thru testing I ended up figuring out part of my problem. The DNS suffix has to match in the Advanced TCP/IP settings under DNS Suffix where I have it highlighted in RED. I kept focusing on the DNS Suffix and NetBIOS page and adding the DNS suffix there, which is not SAME SAME LOL. I did figure out what causes the requires home network = true, but I lost those notes and don't remember now. I think every time I had the CAG set to check for DNS Suffix it would switch to TRUE.

[Attached screenshots: DNS_suffix1.JPG, DNS_suffix.JPG]

0 Kudos
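To check the point made in the accepted solution on a client, the adapter-level values can be listed next to the computer-level primary suffix. This is an added example, not from the thread or from the product vendor; the expected suffix and DNS server values are constructed placeholders, and the plain equality comparison is an assumption about how the CAG criteria are matched.

```powershell
# Added example. Expected values are constructed placeholders; replace them
# with the criteria configured in your own CAG rule.
$expected = @{
    DnsSuffix  = 'corp.example.test'
    DnsServers = @('192.0.2.10', '192.0.2.11')
}

# Computer-level primary DNS suffix (System Properties > Computer Name >
# "DNS Suffix and NetBIOS Computer Name"). Per the post above, setting the
# suffix here did not satisfy the CAG's DNS suffix criterion.
$tcpip = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$primarySuffix = $tcpip.Domain

# Per-adapter values as shown in the adapter's Advanced TCP/IP settings.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $servers = @($_.DNSServerSearchOrder)
        # Expected DNS servers that this adapter does not have configured.
        $missing = @($expected.DnsServers | Where-Object { $_ -notin $servers })

        [pscustomobject]@{
            Adapter        = $_.Description
            AdapterSuffix  = $_.DNSDomain          # DNS suffix for this connection
            PrimarySuffix  = $primarySuffix        # shown only for comparison
            SuffixMatches  = ($_.DNSDomain -eq $expected.DnsSuffix)
            DnsServers     = $servers -join ', '
            MissingServers = $missing -join ', '
            Gateway        = @($_.DefaultIPGateway) -join ', '
        }
    } | Format-List
```

An adapter that shows `SuffixMatches : False` while `PrimarySuffix` holds the expected value reproduces the situation described in the post: the suffix was set at the computer level but not on the connection.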
3 Replies
ninjaneer68
Level 10

Re: CAG Rule troubleshooting - No writing to FireSvc.log


OK, so I figured out I have to assign a policy that turns FW debugging on.

Under this part of the log, I can't figure out where the value "requires home network = True" comes from. What sets this value?

***** Location Info

Group "Isolation"

  Client id = xxxxxxxxxxxxxxxx

  Requires home network = true

  Hot drop if not match = true

  Is ipv4 = true

  Is ipv6 = true

  Registry key =

  Physical medium = FW_PHYSICAL_MEDIUM_WIRED

  DNS suffix = xxx.xxx

  Gateway = x.x.x.x

  DNS server = x.x.x.x

  DNS server = x.x.x.x

0 Kudos
greatscott
Level 12

Re: CAG Rule troubleshooting - No writing to FireSvc.log


Sounds like the DNS suffix criteria you are using is incorrect. Why not just use one piece of criteria in the CAG?

0 Kudos