- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-18-2021 11:05 AM
Hi Everyone,
We are a new customer for Cortex XDR and the network filter seems to be killing our ability to share a connection to our Windows VM's from our macOS host while using our SonicWall VPN. If the VPN is disconnected connection works fine, when Cortex XDR is uninstalled it also works fine, as soon as Cortex is installed the shared connection dies. Any ideas?
05-18-2021 12:28 PM
@KTaig wrote:Hi Everyone,
We are a new customer for Cortex XDR and the network filter seems to be killing our ability to share a connection to our Windows VM's from our macOS host while using our SonicWall VPN. If the VPN is disconnected connection works fine, when Cortex XDR is uninstalled it also works fine, as soon as Cortex is installed the shared connection dies. Any ideas?
Hi @KTaig ,
Welcome to the community!
Can you successfully establish a connection from the MacOS host to the VPN gateway in terms of the VPN? If so, are you seeing the route to the Windows VM subnet installed by the SonicWall VPN in the MacOS routing table? If those are working appropriately, meaning you have a successful VPN connection and a VPN route to your Windows VM, my recommendation would be to try disabling the Host Firewall Management on the Cortex XDR Agent for your MacOS device. Disabling the Host Firewall Management can be done in Endpoints > Policy Management > Extensions, Profiles > Editing your target MacOS Firewall profile and disabling the Host Firewall Management section. Once complete, are you able to connect to the Windows VM?
If that didn't help, might you be receiving alerts on your alerts table regarding the VPN or supporting processes?
05-18-2021 01:31 PM
@gjenkins wrote:
@KTaig wrote:Hi Everyone,
We are a new customer for Cortex XDR and the network filter seems to be killing our ability to share a connection to our Windows VM's from our macOS host while using our SonicWall VPN. If the VPN is disconnected connection works fine, when Cortex XDR is uninstalled it also works fine, as soon as Cortex is installed the shared connection dies. Any ideas?
Hi @KTaig ,
Welcome to the community!
Can you successfully establish a connection from the MacOS host to the VPN gateway in terms of the VPN? If so, are you seeing the route to the Windows VM subnet installed by the SonicWall VPN in the MacOS routing table? If those are working appropriately, meaning you have a successful VPN connection and a VPN route to your Windows VM, my recommendation would be to try disabling the Host Firewall Management on the Cortex XDR Agent for your MacOS device. Disabling the Host Firewall Management can be done in Endpoints > Policy Management > Extensions, Profiles > Editing your target MacOS Firewall profile and disabling the Host Firewall Management section. Once complete, are you able to connect to the Windows VM?
If that didn't help, might you be receiving alerts on your alerts table regarding the VPN or supporting processes?
Hi thanks for the response.
I will answer each of those:
Can you successfully establish a connection from the MacOS host to the VPN gateway in terms of the VPN? The macOS host connects to the VPN and can access things on it's end just fine.
If so, are you seeing the route to the Windows VM subnet installed by the SonicWall VPN in the MacOS routing table? This im not seeing. When the VPN is on the Windows VM immediately loses network connectivity and if you run the network troubleshooter you get it's not getting a valid IP. Turn off the VPN, the VM can connect to the network again and can even run a VPN in the VM fine, but the network doesn't talk back to the macOS.
If that didn't help, might you be receiving alerts on your alerts table regarding the VPN or supporting processes?No alerts or anything are being generated by Cortex, which is odd.
I will copy the profile and turn off firewall management applying it only to this machine and see if it helps.
Thank you
05-18-2021 02:26 PM
@KTaig wrote:
@gjenkins wrote:
@KTaig wrote:Hi Everyone,
We are a new customer for Cortex XDR and the network filter seems to be killing our ability to share a connection to our Windows VM's from our macOS host while using our SonicWall VPN. If the VPN is disconnected connection works fine, when Cortex XDR is uninstalled it also works fine, as soon as Cortex is installed the shared connection dies. Any ideas?
Hi @KTaig ,
Welcome to the community!
Can you successfully establish a connection from the MacOS host to the VPN gateway in terms of the VPN? If so, are you seeing the route to the Windows VM subnet installed by the SonicWall VPN in the MacOS routing table? If those are working appropriately, meaning you have a successful VPN connection and a VPN route to your Windows VM, my recommendation would be to try disabling the Host Firewall Management on the Cortex XDR Agent for your MacOS device. Disabling the Host Firewall Management can be done in Endpoints > Policy Management > Extensions, Profiles > Editing your target MacOS Firewall profile and disabling the Host Firewall Management section. Once complete, are you able to connect to the Windows VM?
If that didn't help, might you be receiving alerts on your alerts table regarding the VPN or supporting processes?Hi thanks for the response.
I will answer each of those:
Can you successfully establish a connection from the MacOS host to the VPN gateway in terms of the VPN? The macOS host connects to the VPN and can access things on it's end just fine.
If so, are you seeing the route to the Windows VM subnet installed by the SonicWall VPN in the MacOS routing table? This im not seeing. When the VPN is on the Windows VM immediately loses network connectivity and if you run the network troubleshooter you get it's not getting a valid IP. Turn off the VPN, the VM can connect to the network again and can even run a VPN in the VM fine, but the network doesn't talk back to the macOS.
If that didn't help, might you be receiving alerts on your alerts table regarding the VPN or supporting processes?No alerts or anything are being generated by Cortex, which is odd.
I will copy the profile and turn off firewall management applying it only to this machine and see if it helps.
Thank you
Hi @KTaig,
Thank you for answering those questions! Is it possible for you to grab a screenshot of the routing table (in the command line, enter "route print") before and after connecting to the VPN, and also providing the IP addresses of the source and destination devices? Could you also provide a traceroute to the MacOS endpoint?
What I'm leaning towards is that if the Cortex XDR agent prevents a route from being installed, we may be able to see it in the comparison of the two route tables. So let's see if the route is being installed, and the firewall management is disabled, and take it from there.
05-19-2021 01:48 PM
Hey,
I didn't have time to get to this today but 1 thing I see that would be an issue getting this information is the routes with the VPN on. The VPN is on the macOS not the Windows VM, as soon as it turns on the network on the VM dies. I don't think it will see any routes because its no longer getting an internet connection at all.
05-20-2021 10:54 AM
@KTaig wrote:Hey,
I didn't have time to get to this today but 1 thing I see that would be an issue getting this information is the routes with the VPN on. The VPN is on the macOS not the Windows VM, as soon as it turns on the network on the VM dies. I don't think it will see any routes because its no longer getting an internet connection at all.
Hi @KTaig ,
If we don't have visibility into the device due to the Internet connection being lost, and there doesn't appear to be anything wrong with your Cortex XDR agent configuration, then I think that the next best step would be to open a ticket with Support. They will request the Support logs and be able to attempt an offline analysis given the logs that you've provided. Please open a case with them here and upload those logs whenever possible.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!