Global Protect HIP Does Detect Firewall with New Apple MacOS Sequoia

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Global Protect HIP Does Detect Firewall with New Apple MacOS Sequoia

L2 Linker
Can you please provide some advise on this:
Our client has an issue with the new Apple MACOS Sequoia 
 The new Apple MacOS Sequoia seems to have changed some behaviour in how they check the local firewall. Currently Global Protect HIP does not detect if the local firewall is enabled.
I have attached the information above.
 

image.png

 

Apple Firewall:

 

image.png

 

Global Protect HIP:

 

image.png

P.S
9 REPLIES 9

L3 Networker

Can you check what report is generated by the GP and then what is being sent to the firewall?

Take any user using that MAC version, and generate a dump report on the firewall CLI. Compare that with the previous MAC OS version, and notice the difference between the report generated and the report sent.

As such, I am not seeing anything reported yet, so once you have done the comparison and are convinced that this might be a bug, open a case and attach the collected logs and reports there. 

Below are a few KB articles that you can follow:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClshCAC

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boP1CAI



Cyber Elite
Cyber Elite

@Salathiwe,

Keep in mind that Sequoia is in beta and GlobalProtect isn't officially supported on this version of macOS yet. PAN will need to make some changes to facilitate this change, but if you open a support ticket you'll likely end up with the same response that I just gave you. For stuff like this, reaching out to your account team is what I personally find more useful so they can work internally to make sure engineers are aware of the issue without filtering through layers of support to just be told that betas aren't fully supported.

 

Should likely add, this is reproducible and isn't limited to you. 

Thanks for the article links, I will check them.

FWIW I was able to manually work around the firewall check but I haven't been able to figure out a way to work around the packet filter check. For the firewall, if you have an old copy of the alf plist file (/Library/Preferences/com.apple.alf.plist) you can manually set the global state flag as that is what global protect looks for it appears. I would love to figure out how to get around the packet filter but so far no luck. 

L0 Member

The check should be `/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate`.

L0 Member

Hi do you have any updates ? 

Not on my end

P.S

L0 Member

All sorts of issues with Sequoia's Firewall.  SSL/DNS/RDP/TimeMachine Backups - Google it.  Looks like it has been resolved in Mac OS 15.1 RC (24B82).

 

I know because I have just upgraded to that and the issues are no longer there.

 

You need to enable beta updates on the Mac to get the RC or wait for the official release.

 

Oh and no word of acknowledgment from Apple.

 

Adrian.

Hi Losdelrock

thank you for sharing this.
I will try this today

P.S
  • 6961 Views
  • 9 replies
  • 3 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!