Use of this document and web site are governed by the Terms and Conditions of Use for InfoExpress's web site.

Summary

In some configurations, the Trend Micro personal firewall may disrupt DNAC's normal operation and create network problems.

Symptoms

If you have deployed DNAC on a network where the Trend Micro personal firewall is active and you encounter connectivity problems, the problem is likely that Trend's firewall is preventing DNAC enforcers from acting correctly. In a normal environment, enforcers will forward permitted traffic (such as audit traffic, remediation actions, etc.) from quarantined endpoints. The Trend firewall can be configured to drop these packets, effectively cutting off quarantined endpoints completely.
When this problem occurs, all new endpoints joining the network will be blocked from the network, even if they are compliant. Endpoints will not be able to perform a CyberGatekeeper audit nor will they be able to contact any remediation resources.

Resolution

Resolving this problem is a simple process, which is outlined below:
- Open the "ofcscan.ini" file in the "\PCCSRV\" folder of the OfficeScan installation directory.
- Under the "Global Setting" section, add the following key and set its value to "1".
[Global Setting]
DontDropUnknowTCP=1
In OfficeScan 10.5+ you may also need to set the following value:
EnableGlobalPfwByPassRule=1
- Open the OfficeScan server Web console and go to the "Networked Computers > Global Client Settings" screen.
- Click "Save" to deploy the setting to clients. The OfficeScan client program automatically installs the following new registry key. You can use this key to confirm that the setting has been deployed to your endpoints:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tmcfw\Parameters]
"DontDropUnknowTCP"=dword:1
- Reboot the endpoint to ensure the new settings are in effect.
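
The registry check from the deployment step can be scripted across endpoints. The following PowerShell is an added example, not part of the original article or of any InfoExpress or Trend Micro tooling; the function name `Get-TmcfwSettingStatus` and its `-ComputerName` parameter are hypothetical, and remote checks assume PowerShell remoting (WinRM) is enabled on the endpoints.

```powershell
# Added example: report whether the firewall setting from this article
# has been deployed. The key path and value name come from the article;
# the function name and parameter are illustrative.
function Get-TmcfwSettingStatus {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: endpoints to query (defaults to this machine).
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # Runs on each endpoint and returns a one-word status.
    $check = {
        $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\tmcfw\Parameters'
        $name = 'DontDropUnknowTCP'   # spelled exactly as the product spells it
        if (-not (Test-Path -Path $path)) { return 'KeyMissing' }
        $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $item) { return 'ValueMissing' }
        if ($item.$name -eq 1) { return 'Deployed' }
        return "Unexpected($($item.$name))"
    }

    foreach ($computer in $ComputerName) {
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $status = & $check
            } else {
                # Assumption: WinRM is reachable and the caller has admin rights.
                $status = Invoke-Command -ComputerName $computer `
                    -ScriptBlock $check -ErrorAction Stop
            }
        } catch {
            $status = 'Unreachable'
        }
        [pscustomobject]@{ ComputerName = $computer; Status = "$status" }
    }
}

# Check the local machine; pass -ComputerName with your own endpoint
# list to audit several machines in one run.
Get-TmcfwSettingStatus | Format-Table -AutoSize
```

A status of "Deployed" only confirms that the registry value is present; the endpoint still needs the reboot described above before the setting takes effect.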