All Topics » Pulse Connect Secure



MacOSX High Sierra and Filevault issue


romcan
Contributor (1)
Sep 27, 2017 8:20am
Hello,

in our setup we are using hostchecker to check FileVault if all discs are encrypted. Unfortunately in High Sierra 10.03 it is not working and I am getting error message 'Rule-HD_encrypt:FileVault 10.13.0 does not comply with policy. Compliance requires drives to be encrypted.'.

Latest ESAP 3.1.4 installed where FileVault 10.13.X definition exists. Also the latest client Pulse-Secure/8.3.2.853 is installed on wokstation.

Anybody has the same issues? Any workaround? I dont like to bypass the rule.

Thanks



Ray
Contributor (0)
Sep 28, 2017 10:05pm
Hi romcan,


Yes, ESAP 3.1.4 V3 has FileVault 10.13 as supported.

Was it working before? or is it a new setup?

Which version of ESAP are you using V3 or V4?


If possible, Please upload the Client-side debug logs & ESAP Diagnostic logs.

Thanks,
Ray.

    romcan
    Contributor (1)
    Oct 2, 2017 12:29pm
    Hello Ray,

    Yes, it was working before and it is still working for previous version of Macos X. Just High Sierra is troublemaker.
    Both Opswat SDKs tested. At the moment the newest is active.

    I have all logs in support case 2017-0927-2287 so you can check there.

    Thanks
zanyterp
Pulse Secure Contributor (40)
Sep 29, 2017 6:43pm
Does it still work on Sierra systems?
Do you have any other checks going on at the same time?
And can you test 3.1.5 that was just released?
    romcan
    Contributor (1)
    Oct 2, 2017 12:25pm
    Hello,

    thanks for your inputs.

    I tried with both latest ESAP packages. Now I have 3.1.5 activated. tried older Opswat SDK and also the new one which is active at the moment. No change.
    The same settings are working on previous Sierra Macos version.

    Case with support is ongoing. So lets see :-)
    zanyterp
    Pulse Secure Contributor (40)
    Oct 3, 2017 4:58pm
    Thank you for the update and confirmation that it is something we need to work with OPSWAT to have addressed for the new firewall version detail in 10.13
    Glad to hear you have the case already running.
Ray
Contributor (0)
Oct 6, 2017 5:38pm
I gone through the case notes and logs.

As a workaround,

>>> Use V4 SDK

>>> Host checker policy - In drive configuration details select "Specific Drives" and check only "Macintosh HD" drive.

Give this a try and tell me what happens.

Thanks,
Ray.
    romcan
    Contributor (1)
    Oct 6, 2017 9:56pm
    Hello,

    thanks for a reply.

    unfortunately this is not working in 100% since users can change name of their drive.

    Roman
    Ray
    Contributor (0)
    Oct 6, 2017 10:55pm
    Sorry to hear about that,

    I guess pulse secure support engineers would have raised a ticket with OPSWAT by now and get you a fix soon.

    I'm sorry that i can't do anything to fix this issue as this has to deal with their Engineering Team.

    Regards,
    Ray.
    sramkumar
    Contributor (0)
    Oct 13, 2017 2:53pm
    Hi,

    We have raised OPSWAT Ticket for both v3 and V4 SDK.

    Currently, we are waiting for the update and will update you solution once I get it

    Regards
    Ramkumar Selladurai
    romcan
    Contributor (1)
    Oct 17, 2017 7:20am
    Yes I have opened the ticket for 2 weeks. Issue is identified as a bug.
    Lets see how quick are Pulse Secure guys.

    Roman