F-Secure Policy Manager - Block user from creating own Firewall Rules

YoinkZ

Hi All,

 

I'm facing a weird problem here, that I did solve in one of my other Installations, but this time if won't work .

When I set up the Policy Manager and Locks all the functions so the user can't edit anything, I still see that the user are able to Open a Port. I double cheked the other installation and made sure that the settings are the same. Really, I can't spot what I've missed !

 

Everything else seems to be greyed out just fine... can someone point me in the right direction here?

 

If I missed any info, let me know!

 

//Thanks!

Vad

Hello YoinkZ,

 

Try to set final flag (lock the lock) on the policy settings you are using to lock the functions.

 

If this will not help, please answer few questions:

1. What version of PM do you have?

2. What client product(s)/version(s) do you have?

3. Do the client which works fine, and the client which doesn't work have the same version?

 

Best regards,

Vad

YoinkZ

Hi Vad,

 

Thanks for getting back so Quickly. 

I think I already did that. I've been through almost every single settings pairing with the working one and they should be identical.

 

Is is possible to locate the exact lock I need to "Lock"?

As you can see in my attached screenshots, those I think should interact with the "Opening Port" possibility are already "locked" or disallowed for changes.

 

Policy Manager: 12.31.79713 - but upgraded and tried with 13.00.83038 (same result)
Client Product: 13.31 build 105
The clients did have the exactly same builds and Policy versions (Not anymore after the 13.00 upgrade on Policy Manager).

his is a new installation in another invironment, so the "Clients" are not talking to the same Policy Manager (just to clearify).

Vad

I see.

Could you, please, contact support, and provide support tool diagnostics collection (fsdiag) from working machine and from failing machine for comparing?

 

Best regards,

Vad

YoinkZ

I can try, but I don't think it's an error. It's more likely just a mark somewhere .

 

But of course, will give it a go when I get a chance!

Vad

i don't think it's an error, i just want to compare policies. You can actually do it yourself - run "polutil dump policy.txt" from F-Secure\Common folder  on 2 machines and compare policy.txt files.

This utility collects local client policies, and comparison should show some differences.

 

Best regards,

Vad