I created 2 Firewall Rule Groups, one of them is Location Aware:
- On Domain (LAG: ePO reachability, DNS Suffix, DNS IPs)
- Off Domain (no LAG: only VPN allowed)
Now, after you disconnect the LAN cable, the LAG "On Domain" is still active for several minutes (open network). I managed to speed up the evaluation of the firewall rules by running cmdagent.exe -e.
Am I right, that the evaluation of LAGs only happens at the policy enforcement interval? And NOT when the network state (NIC connect/disconnect, WLAN connect/disconnect) changes??
While testing HIPS8 a few weeks ago, the behavior was different as I remember. Is it?
This behavior was fixed with ENS 10.1.1 because of my case I opened.
Since then the evaluation of LAGs happen when the network state changes.