[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1366
  • Last Modified:

Symantec End Point will not allow DHCP accross more than one vlan.

I recently purchased laptops with Windows 7.  I created the image that we were going to use for the other laptops.  Then I noticed an issue.  When Symantec End Point Protection 11.0.5 & 11.0.6  is installed on Windows 7, in a Windows 2003 domain environment, I am unable to pick up an IP address from the DHCP server across the wireless connection.  

When I plug into the network it works just fine, I am able to pick up the IP address. This of course is not trying to switch to another VLAN.

Let me explain the wireless dhcp settings.  When a computer is turned on the computer should receive an IP address from the DHCP server for the Machine WLAN.  This is when the laptop is at the log in screen.  Once the user logs in, whom ever this may be, the dhcp server assigns an IP address based on your credentials in Active Directory.  Either being a student, WLAN Student, techer, WLAN Teacher, Admin, WLAN Admin.  The laptop will pick up the Machine VLAN IP address just fine. Laptop will not pick up the assigned VLAN once a user logs in.

Thanks for your help in advance

David
0
david_trombley
Asked:
david_trombley
  • 4
  • 2
2 Solutions
 
Ehab SalemCommented:
Are you using location profiles is SEPM?
What rules are applied to the new VLAN?
Did you enable logging and check the blocked traffic/packets log?
0
 
david_trombleyAuthor Commented:
The rules that are applied to the VLAN are very limited on the IAS server there is one policy for the Domain Computers.  This policy uses NAS-Port-Tyoe IEEE 802.11 and Wireless Other for all domain computers.  Also I did not enable logging to check the blocked traffic/packets.  I am confused on the first question.  Hope this helps.  

0
 
Ehab SalemCommented:
I am asking about the firewall rules in Symantec endpoint.
Regarding the first question, there is a "location awareness" in SEP, i.e. it changes the FW rules based on the location.
If you are sure the blocking is done via Symantec, then enabling logging will help identifying the problem.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
david_trombleyAuthor Commented:
OK, I see, I am pretty sure that SEP is doing the blocking.  When its not installed everything works great.  When it is installed I am stuck with a Machine WLAN IP Address.  Therefore not Internet access and so on.  I will look at SEP and see what I can find. and I will look at the rules also.

Thanks
0
 
david_trombleyAuthor Commented:
I figured out what was blocking the DHCP service from obtaining the IP address.  The network threat protection for SEP was the corporate.  Thanks for your help.
0
 
david_trombleyAuthor Commented:
I trouble shoot the issue by disable the policies with in SEP.  I then tried disabling the Network Threat Protection on the local machine and once a restart happened this was re-enabled.  I then created an Install Package with in SEP and installed this on the laptop.  I then restarted while the Ethernet cable was plugged in and then updated the policy for SEP.  I then restarted again and all was working great.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now