How to enable a CIC check for Windows Firewall on the SSLVPN client

  • 7002779
  • 20-Mar-2009
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 SSLVPN Server
Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 Interim Release 1 must be enabled
Windows XP Service Pack 3 installed on client

Situation

With Access Manager 3.0 and the shipping 3.1 version, there was no option in the UI to check whether the Windows Firewall was enabled (the option to check for a Windows registry setting existed, but not to check the value of that setting). With 3.1 IR1, there are multiple options (including checking the registry value). The preferable approach is to check for a Windows service.

To enable a CIC policy to check for a running Windows Firewall service, we need to do the following:

- Go to the SSLVPN CIC config in iManager
- Select 'Firewall Windows'
- Select New and add an Application Name of WindowsFirewall
- Under 'Definition of the Application', select New and add an Attribute type of service
- Under Service configuration, add the name 'Windows Firewall/Internet Connection Sharing (ICS)'. This is the name displayed for Windows Firewall in the service list on a Windows XP SP3 host
- Add a status of running
- Select the Process, AbsoluteFile and RegistryKey entries and DELETE them (not needed)
- Apply the changes

Once the traffic policy has a client security setting that requires Windows Firewall to be running, the policy should be able to evaluate that criterion.
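
To confirm on a client that the name typed into the policy matches what Windows reports, the following added example (not part of the original document or of Access Manager) parses `sc query state= all` output and applies the same two conditions: display name and running status. It assumes the CIC comparison is an exact string match on the display name, which this document does not state; the sample output is constructed and the function names are hypothetical.

```python
import re
import subprocess

# Display name and status exactly as entered in the CIC policy above.
CIC_SERVICE = "Windows Firewall/Internet Connection Sharing (ICS)"
CIC_STATUS = "RUNNING"

# Constructed sample of `sc query state= all` output (not captured from a real host).
SAMPLE = """\
SERVICE_NAME: SharedAccess
DISPLAY_NAME: Windows Firewall/Internet Connection Sharing (ICS)
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)

SERVICE_NAME: wscsvc
DISPLAY_NAME: Security Center
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
"""

def live_sc_output():
    """Run on the Windows client to get real data instead of SAMPLE."""
    return subprocess.check_output(["sc", "query", "state=", "all"], text=True)

def parse_sc_query(text):
    """Return {display name: state} from `sc query` enumeration output."""
    services, name = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("DISPLAY_NAME:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("STATE") and name is not None:
            m = re.match(r"STATE\s*:\s*\d+\s+(\w+)", line)
            if m:
                services[name] = m.group(1)
            name = None
    return services

def cic_service_check(text, display_name=CIC_SERVICE, status=CIC_STATUS):
    """Assumed policy logic: exact display name present and in the required state."""
    state = parse_sc_query(text).get(display_name)
    if state is None:
        return "NOT FOUND"  # name in the policy does not match any service on the client
    return "PASS" if state == status else "FAIL (%s)" % state

if __name__ == "__main__":
    print(cic_service_check(SAMPLE))
```

A `NOT FOUND` result for a name such as the Application Name `WindowsFirewall` shows why the Service configuration field needs the full display name from the service list.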