Thank you Ludovic for your help so far. I have one more question, if PacketFence is not checking for provisioning without DHCP then why it is generating security events as Provisioning Enforcement against node.
On Fri, Feb 26, 2021, 23:00 Ludovic Zammit <[email protected]> wrote: > Yes, you could do a WMI scan on post registration that checks if a process > is there or not. > > You need a account that has administrative rights on the device that you > check. > > Thanks, > > > Ludovic Zammit > [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca > Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence > (http://packetfence.org) > > > > > > > > > On Feb 26, 2021, at 12:03 PM, NITISH AGGARWAL <[email protected]> > wrote: > > But I can see security event triggered for SEPM provisioning on node. But > the problem is it actually not restricting access. > > Can I use wmi scan in my environment?? > > Thanks. > > On Fri, Feb 26, 2021, 22:31 Ludovic Zammit <[email protected]> wrote: > >> No DHCP, no provisioner. >> >> Thanks, >> >> >> Ludovic Zammit >> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> >> >> >> >> >> >> >> On Feb 26, 2021, at 11:52 AM, NITISH AGGARWAL <[email protected]> >> wrote: >> >> I donot have DHCP server installed, no provisioning for DHCP. It's all >> static ip. >> >> On Fri, Feb 26, 2021, 22:21 Ludovic Zammit <[email protected]> wrote: >> >>> Does PF receives DHCP ACK from the production DHCP server ? >>> >>> Did you install the DHCP sensor ? >>> >>> >>> https://www.packetfence.org/doc/PacketFence_Installation_Guide.html#_microsoft_dhcp_sensor >>> >>> Thanks, >>> >>> >>> Ludovic Zammit >>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>> (http://packetfence.org) >>> >>> >>> >>> >>> >>> >>> >>> >>> On Feb 26, 2021, at 11:44 AM, NITISH AGGARWAL <[email protected]> >>> wrote: >>> >>> As such there is no restriction on when to check for provisioning >>> although I have selected option of checking after registration of device. >>> >>> On Fri, Feb 26, 2021, 22:11 Ludovic Zammit <[email protected]> wrote: >>> >>>> Provisioner workflow are triggered by DHCP traffic seen from the >>>> Production or Registration networks. >>>> >>>> When do you want to check if Symantec is installed ? >>>> >>>> Thanks, >>>> >>>> >>>> Ludovic Zammit >>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>> (http://packetfence.org) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Feb 26, 2021, at 11:40 AM, NITISH AGGARWAL <[email protected]> >>>> wrote: >>>> >>>> Yes....as I connects the device it went into registration vlan and then >>>> if it is in domain it gets authenticated and vlan changes as per switch. >>>> >>>> Dot1x is working fine...but problem is with Symantec. How to check if >>>> end device has Symantec client installed and working. >>>> >>>> On Fri, Feb 26, 2021, 22:07 Ludovic Zammit <[email protected]> wrote: >>>> >>>>> Hello, >>>>> >>>>> Your devices that connect on PF are statically IP addressed? >>>>> >>>>> Thanks, >>>>> >>>>> >>>>> Ludovic Zammit >>>>> [email protected] :: +1.514.447.4918 (x145) :: www.inverse.ca >>>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >>>>> (http://packetfence.org) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Feb 25, 2021, at 9:55 AM, NITISH AGGARWAL via PacketFence-users < >>>>> [email protected]> wrote: >>>>> >>>>> Hi, >>>>> >>>>> I have setup PacketFence zen as per guide. I can see dot1x >>>>> authentication working with MSCHAPv2 auth, so non domain users are not >>>>> getting access, which is required. I am using auto-registration in >>>>> connection profile. >>>>> >>>>> Second, I have to check for Symantec in my endpoints. I have setup >>>>> SEPM provisioning as per document. During authentication, I can see >>>>> security event generated for provisioning on my node in PacketFence but my >>>>> end device got access to intranet no matter symantec installed on it or >>>>> not. >>>>> >>>>> I have tried everything I could. I need some help in this case. I am >>>>> using static ips and cisco 2960. >>>>> >>>>> I need devices to be registered if they have both domain connected and >>>>> SEPM installed. >>>>> >>>>> Any help will be appreciated. Thanks in advance... >>>>> >>>>> >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>>> >>>>> >>>>> >>>> >>> >> >
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
