4 Replies Latest reply on Sep 19, 2016 8:37 AM by patgmac1

    LANrev Agent and the Mac OS Firewall

    systems@age.mpg.de Rookie

      When the LANrev Agent is updated to a new version and the Mac OS Firewall is activated, Mac OS asks the user if the agent should be permitted to access the network.

       

      Many users then just click "do not allow", which blocks the agents in the firewall. So no software packages/OS patches are installed, no commands can be sent to the client, etc.

      We can only manually unblock the agent in the firewall settings, which is a lot of walking around when managing around 200 Mac devices.

       

      Has anyone found a way to permanently allow the Agent to access the network without disabling the MacOS firewall?

       

      Because the problem occurs every time the agent is updated to a new version, which is pretty annoying.

        • 1. Re: LANrev Agent and the Mac OS Firewall
          patgmac1 Expert

          Yes, it's very annoying that every other version of LANrev doesn't get the agent signed.

           

          I got around this by creating a custom info item with the following:

           

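          #!/bin/bash
          # Second component of the OS version, e.g. the "7" in 10.7
          osSubVer=$(sw_vers -productVersion | cut -d '.' -f 2)
          # "Allow" or "Block": the agent's state in the application firewall (ALF) app list
          lanrevBlocked=$(/usr/libexec/ApplicationFirewall/socketfilterfw --listapps | grep -A 1 "LANrev Agent.app" | grep -i incoming | awk '{ print $2 }')

          # Only act when the second version component is greater than 6 (10.7 and later)
          if [[ $osSubVer -gt "6" ]]; then
              if [[ $lanrevBlocked == Block* ]]; then
                  # Flip the agent's entry back to "allow incoming connections"
                  /usr/libexec/ApplicationFirewall/socketfilterfw --unblock "/Library/Application Support/LANrev Agent/LANrev Agent.app" 1>/dev/null
                  echo "Lanrev Unblocked"
              else
                  echo "No ALF Changes Made"
              fi
          fi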

          1 of 1 people found this helpful
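The check in the script above, as an added example that is not part of the original thread: it parses `socketfilterfw --listapps` output in one pass, reports "not listed" separately from "allowed", and lists every blocked app for auditing. The sample output is constructed, with a layout assumed from the fields the posted pipeline extracts; the function names and the two non-LANrev paths are hypothetical.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# Constructed sample of `--listapps` output. The layout (a numbered path line
# followed by a state line) is an assumption based on the posted pipeline.
sample_listapps() {
cat <<'EOF'
ALF: total number of apps = 3

1 :  /Library/Application Support/LANrev Agent/LANrev Agent.app
     ( Block incoming connections )

2 :  /Applications/Example Sync.app
     ( Allow incoming connections )

3 :  /usr/local/libexec/example-helper
     ( Block incoming connections )
EOF
}

# Real firewall output where the tool exists, the constructed sample elsewhere.
alf_listapps() {
    if [ -x "$FW" ]; then "$FW" --listapps; else sample_listapps; fi
}

# stdin: --listapps output; $1: substring of the app path.
# Prints Allow, Block, or Absent (no entry for that app in the list).
alf_state() {
    awk -v app="$1" '
        index($0, app)     { hit = 1; next }              # path line of the wanted entry
        hit && /incoming/  { print $2; found = 1; exit }  # its state line
        hit && NF          { hit = 0 }                    # any other non-blank line: give up
        END                { if (!found) print "Absent" }
    '
}

# stdin: --listapps output. Prints the path of every blocked entry.
alf_blocked() {
    awk '
        /^[0-9]+ :/                    { sub(/^[0-9]+ :[ \t]*/, ""); path = $0; next }
        /Block incoming/ && path != "" { print path; path = "" }
    '
}

alf_listapps | alf_state "LANrev Agent.app"
alf_listapps | alf_blocked
```

Reporting `Absent` as its own value lets a custom info item show machines where the agent has never been added to the firewall list, which the posted script reports as "No ALF Changes Made".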
          • 2. Re: LANrev Agent and the Mac OS Firewall
            sgillaspy Apprentice

            Sorry, Patrick, how does this work if we can't run commands or scripts?  Can you post a screenshot?  Thanks!

            • 3. Re: LANrev Agent and the Mac OS Firewall
              patgmac1 Expert

              Add it as a custom info item that gets run on every heartbeat.

               

              Screen Shot 2016-09-19 at 10.21.07 AM.png

              2 of 2 people found this helpful
              • 4. Re: LANrev Agent and the Mac OS Firewall
                patgmac1 Expert

                Also, you should consider adding this key to your LANrev server:

                 

                CheckforDeferredCommandsOnHeartbeat

                 

                Screen Shot 2016-09-19 at 10.35.49 AM.png

                 

                With this setting, even if the client's firewall is blocking the agent (or if the agent is unreachable, on a different network or behind a NAT), it will still execute commands you throw at it the next time it sends a heartbeat.

                1 of 1 people found this helpful