Hello, I believe it’s because it’s an internal check to see if that. Node needs something to be done.
You can try it out to see if it works, for a Symantec check that could work because it does not requires the IP address of the device to do that check on the Symantec service. Most of the Scans requires the IP address of the device in order to start to scan the host for example the WMI, that why the DHCP ACK is very important. Thanks, Ludovic Zammit [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: www.inverse.ca <https://www.inverse.ca/> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu <http://www.sogo.nu/>) and PacketFence (http://packetfence.org <http://packetfence.org/>) > On Feb 27, 2021, at 12:15 AM, NITISH AGGARWAL <[email protected]> wrote: > > Thank you Ludovic for your help so far. > > I have one more question, if PacketFence is not checking for provisioning > without DHCP then why it is generating security events as Provisioning > Enforcement against node. > > On Fri, Feb 26, 2021, 23:00 Ludovic Zammit <[email protected] > <mailto:[email protected]>> wrote: > Yes, you could do a WMI scan on post registration that checks if a process is > there or not. > > You need a account that has administrative rights on the device that you > check. > > Thanks, > > Ludovic Zammit > [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: > www.inverse.ca <https://www.inverse.ca/> > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu > <http://www.sogo.nu/>) and PacketFence (http://packetfence.org > <http://packetfence.org/>) > > > > > > > >> On Feb 26, 2021, at 12:03 PM, NITISH AGGARWAL <[email protected] >> <mailto:[email protected]>> wrote: >> >> But I can see security event triggered for SEPM provisioning on node. But >> the problem is it actually not restricting access. >> >> Can I use wmi scan in my environment?? >> >> Thanks. >> >> On Fri, Feb 26, 2021, 22:31 Ludovic Zammit <[email protected] >> <mailto:[email protected]>> wrote: >> No DHCP, no provisioner. >> >> Thanks, >> >> Ludovic Zammit >> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) :: >> www.inverse.ca <https://www.inverse.ca/> >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >> <http://packetfence.org/>) >> >> >> >> >> >> >> >>> On Feb 26, 2021, at 11:52 AM, NITISH AGGARWAL <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> I donot have DHCP server installed, no provisioning for DHCP. It's all >>> static ip. >>> >>> On Fri, Feb 26, 2021, 22:21 Ludovic Zammit <[email protected] >>> <mailto:[email protected]>> wrote: >>> Does PF receives DHCP ACK from the production DHCP server ? >>> >>> Did you install the DHCP sensor ? >>> >>> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_microsoft_dhcp_sensor >>> >>> <https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_microsoft_dhcp_sensor> >>> >>> Thanks, >>> >>> Ludovic Zammit >>> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) >>> :: www.inverse.ca <https://www.inverse.ca/> >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >>> <http://packetfence.org/>) >>> >>> >>> >>> >>> >>> >>> >>>> On Feb 26, 2021, at 11:44 AM, NITISH AGGARWAL <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> As such there is no restriction on when to check for provisioning although >>>> I have selected option of checking after registration of device. >>>> >>>> On Fri, Feb 26, 2021, 22:11 Ludovic Zammit <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> Provisioner workflow are triggered by DHCP traffic seen from the >>>> Production or Registration networks. >>>> >>>> When do you want to check if Symantec is installed ? >>>> >>>> Thanks, >>>> >>>> Ludovic Zammit >>>> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) >>>> :: www.inverse.ca <https://www.inverse.ca/> >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >>>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >>>> <http://packetfence.org/>) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>>> On Feb 26, 2021, at 11:40 AM, NITISH AGGARWAL <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> Yes....as I connects the device it went into registration vlan and then >>>>> if it is in domain it gets authenticated and vlan changes as per switch. >>>>> >>>>> Dot1x is working fine...but problem is with Symantec. How to check if end >>>>> device has Symantec client installed and working. >>>>> >>>>> On Fri, Feb 26, 2021, 22:07 Ludovic Zammit <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> Hello, >>>>> >>>>> Your devices that connect on PF are statically IP addressed? >>>>> >>>>> Thanks, >>>>> >>>>> Ludovic Zammit >>>>> [email protected] <mailto:[email protected]> :: +1.514.447.4918 (x145) >>>>> :: www.inverse.ca <https://www.inverse.ca/> >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu >>>>> <http://www.sogo.nu/>) and PacketFence (http://packetfence.org >>>>> <http://packetfence.org/>) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> On Feb 25, 2021, at 9:55 AM, NITISH AGGARWAL via PacketFence-users >>>>>> <[email protected] >>>>>> <mailto:[email protected]>> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> I have setup PacketFence zen as per guide. I can see dot1x >>>>>> authentication working with MSCHAPv2 auth, so non domain users are not >>>>>> getting access, which is required. I am using auto-registration in >>>>>> connection profile. >>>>>> >>>>>> Second, I have to check for Symantec in my endpoints. I have setup SEPM >>>>>> provisioning as per document. During authentication, I can see security >>>>>> event generated for provisioning on my node in PacketFence but my end >>>>>> device got access to intranet no matter symantec installed on it or not. >>>>>> >>>>>> I have tried everything I could. I need some help in this case. I am >>>>>> using static ips and cisco 2960. >>>>>> >>>>>> I need devices to be registered if they have both domain connected and >>>>>> SEPM installed. >>>>>> >>>>>> Any help will be appreciated. Thanks in advance... >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> PacketFence-users mailing list >>>>>> [email protected] >>>>>> <mailto:[email protected]> >>>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>>> <https://lists.sourceforge.net/lists/listinfo/packetfence-users> >>>>> >>>> >>> >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
