Common problem solutions
Uninstalling EFW
Suggested Solution
NOTE: For complete instructions on uninstalling EFW, see “Uninstalling EFW” on page 23.
An end user on a secured computer uninstalled EFW using the Windows Add/Remove program
If you use the Windows Add/Remove program to remove EFW, only the EFW agent software is
removed. The EFW firmware on the NIC is not affected and continues to enforce its policy until its
host computer is rebooted. When the host computer is rebooted, the NIC is unable to locate its Policy
Server without assistance from the agent software, and begins to enforce the Fallback mode from its
last policy. The behavior of the NIC (and thus the computer) depends upon this mode, which may be
Allow All Traffic, Block All Traffic, or No Sniffing.
You may restore the secured computer to a fully functional EFW installation using the 3Com Embedded
Firewall Installation CD to re-install EFW on this computer. Install the EFW NIC using the Custom
installation option.
NOTE: Administrative privileges are required to perform a Windows uninstall of EFW on Windows NT
or Windows 2000 computers. To minimize the risk of a user removing the EFW agent software from
his or her computer, limit administrative privileges to users who require them.
Received a warning when attempting to delete a NIC from the Management Console
If the secured computer for a NIC is offline or otherwise unreachable, you are warned when
attempting to delete it using the Management Console. However, you are given the option to delete
the NIC from the system anyway. Generally, you should not delete the NIC if you receive this
warning. A clean deletion from the Management Console is the only way to effectively uninstall EFW
from a NIC.
If you cannot delete the NIC from the Management Console but the NIC is online, perform a Policy
Server-to-NIC Communication check (see “Policy Server-to-NIC Communication Check” on page 76).
Ongoing Operations
Suggested Solution
Secured computer reports that it is locked out of the network
■ If the secured computer recently rebooted, check the Last Wakeup or Heartbeat field on the
Management Console NIC information window to determine if the Policy Server received the
wake-up communication associated with this reboot.
■ If the secured computer is unable to reach its Policy Server after a reboot, it begins to enforce the
Fallback mode. If the Fallback mode is Block All Traffic, the secured computer is not able to send
or receive network traffic. If the Policy Server did not receive a wake-up, then you need to
perform a Policy Server-to-NIC Communication check (see "Policy Server-to-NIC Communication
Check" on page 76).
■ If the Policy Server received a wake-up, make sure the NIC status is not Secured-Blocking All
Traffic. If this status appears, click the Allow Traffic button at the bottom of the NIC information
window to fix this condition.
■ If a computer using DHCP has a No Spoofing policy enforced and attempts to renegotiate a new
address without rebooting, it is unable to access the network. Reboot the machine to regain
access. To prevent this problem, either remove the No Spoofing policy from the computer or do
not negotiate a new IP address for this computer except when rebooting it.
■ If you want to temporarily allow traffic to flow to or from a NIC while you are troubleshooting a
lock-out problem, you may create a device set with an assigned policy that allows all traffic (such
as the default policy), and temporarily move the NIC to that device set.