Forum Discussion

Sandra_O_230072's avatar
Sandra_O_230072
Icon for Nimbostratus rankNimbostratus
Oct 21, 2015

F5 BIG-IP Edge Client - Firewall Check Failed

Hi all. I'am new here and I don't know almost nothing about F5. But I have to support F5 BIG-IP Edge Client. And from time to time we have the following problem: When the user tries to connect they get the message "Firewall check failed. Please activate Windows Firewall and try again." But that problem have only 3-5 users. Mostly after the Windows Updates. We tried a few things:

 

  • Uninstall and install the BIG-IP Software
  • Checked the Windows firewall were on, also the rules
  • With diffrent user on the same client
  • And a lot of other things I cant remember nothing helped.

So we have to install a new Windows on the machine, which can not be the solution. Maybe anyone of you had the same problem. I hope you can help me.

 

We use Windows 7 x64 Notebooks. BIG-IP Edge Client Version is 7101,2014,1106,1707.

 

Thanks

 

hp

3 Replies

Sort By
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Oct 21, 2015
    if you a have support contract on this platform with F5 just contact them. they have to possibility to investigate much deeper then we can here via a forum. of course someone might have experienced exactly the same and can help, but opening a support ticket in parallel is always a good idea.
  • jogoldberg's avatar
    jogoldberg
    Icon for Nimbostratus rankNimbostratus
    Aug 01, 2024

    Hi - I have been having the same problem for 2 months. 

    Windows 10 Version 22H2

    HP ZBook Fury 15.6 inch G8 Mobile Workstation PC

    BigIP Edge Client 7241,2023,331,1108

     

    Firewall check fails when trying to connect. I get this e-mail from the system:

    From: admin@xxxxxxxxxxxxxxxxxxxxx 
    Sent: Thursday, 1 August, 2024 11:21 AM
    To: xxxxxxxxxxxxxxxxxxxx
    Subject: Failed VPN Login - Session ID xxxxxxxxxxxxxxxx

     

    Hello, You are receiving this email after failing to successfully connect to the Remote Access VPN Service. Please contact Local IT if you require assistance and they will help you to resolve your issue. The information below is to be recorded on any Service Now or Support Desk tickets to assist in troubleshooting errors. Session ID = xxxxxxxxxxxx Machine Certificate Check Result = 1 AD Query Result = 1 AD Auth Result = 1 MFA Authentication Result = 1 Firewall Check Result = 0 We were unable to detect an installed and running firewall on your device. AntiVirus Check Result = AD Groups Membership

    F5 Diagnostics says:

    2024-08-01, 9:36:11:678, 5080,12232,UNINSTALL, 48, , 373, ReportGenerator::GetOpswatEndPointInspectionLogs, OPSWAT Result: , {
        "runs": [
            {
                "api": "3",
                "expression": "type=fw&collect= 1",
                "expression_parsed": {
                    "Firewall software Check": ""
                },
                "=": "===========================================================",
                "+": "=====================Firewall software Check==========================",
                "_": "===========================================================",
                "result_parsed": {
                    "result": "0",
                    "state": "0",
                    "sdk": "4.3.2711.0",
                    "engine": "4.3.3969.0",
                    "count": "2",
                    "id1": "6015",
                    "vendor_id1": "6",
                    "version1": "10.0.19041.4291",
                    "name1": "Microsoft Windows Firewall",
                    "vendor_name1": "Microsoft Corp.",
                    "state1": "0",
                    "id2": "492000",
                    "vendor_id2": "492",
                    "version2": "7.13.18308.0",
                    "name2": "CrowdStrike Falcon",
                    "vendor_name2": "CrowdStrike, Inc.",
                    "state2": "0"
                }
            },

     

    This is quite strange as the firewalls are definitely running:

    Microsoft Windows [Version 10.0.19045.4651]
    (c) Microsoft Corporation. All rights reserved.

    C:\Users\jogoldberg>netsh advfirewall show all

    Domain Profile Settings:
    ----------------------------------------------------------------------
    State                                 ON
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096


    Private Profile Settings:
    ----------------------------------------------------------------------
    State                                 ON
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096


    Public Profile Settings:
    ----------------------------------------------------------------------
    State                                 ON
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Disable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096

    Ok.

     

    We've already tried the following:

    1. Make sure VPN server is set to the correct server - Done
    2. Try the diagnostic from https://<f5 server>/checkfw - Done. Same error as the BigIP Edge Client
    3. Hold down power button for 1 minute to do a forced unclean shutdown of laptop to clear memory - Done
    4. Try different WiFi network - Tried home Wifi, tried public Wifi, tried conference Wifi, tried LTE, tried iPhone Hotspot - same result
    5. From corporate LAN, performed a GPUpdate, and renewed my machine certificate - Done
    6. Sent multiple F5 Client Diagnostic reports - Done
    7. Performed GPUpdate myself while at The Office - Done
    8. Confirm that Group policy files located at C:\windows\System32\GroupPolicy are up to date - Done
    9. Uninstall/Reinstall F5 BigIP-Edge client - Done
    10. Check MFA Setup - Done
    11. Check Certificates - Done

    Can the community offer any guidance/advice?

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Aug 03, 2024

    Ill repeat what I said almost 9 years ago, please contact F5 support, they can look into this with your details and their expertise of the system. You might get lucky here if someone experienced exactly the same, but chance is very low.