Reconnecting after Network Quarantine of Capture Client Endpoint behind a SonicWall firewall
05/27/2021
When an endpoint behind a SonicWall firewall, running Capture Client with firewall enforcement enabled, is moved to network quarantine (i.e., disconnected from the network), the "Reconnect" action triggered from the "Threat details" page of the Capture Client management console does not work.
A known issue in the SonicWall firewall configuration prevents the "Reconnect" action from establishing the endpoint's connection with the SentinelOne server. A fix is targeted for upcoming builds of SonicOS. Until then, follow the workaround below.
On the device to be reconnected to the network, perform the steps below:
Press the Windows Start key.
Right-click Command Prompt and select Run as administrator.
Go to the directory [C:\Program Files\SentinelOne\Sentinel Agent <Version>].
Obtain the "S1 Passphrase" for the device from the Capture Client management console:
Go to the "Devices" section of the Capture Client management console.
Click the "Download devices list" icon in the top right corner.
Open the downloaded CSV.
Look for the "S1 Passphrase" of the respective device in the CSV.
Remove network quarantine on the endpoint by running the commands below:
    sentinelctl unprotect -b -k <S1 PASS PHRASE>
    sentinelctl unquarantine_net
    sentinelctl protect
Endpoint should reconnect to the network.
If the device doesn't connect, wait for a few minutes to confirm, then perform a reboot.
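The passphrase lookup and command sequence above, as an added PowerShell example (not SonicWall's or SentinelOne's code). It is meant to run on the workstation that downloaded the devices list, so that only the one device's passphrase, not the whole export, is carried to the quarantined endpoint. The "Device Name" column header, the function name and the sample rows are assumptions; "S1 Passphrase" and the three commands are from the article.

```powershell
# Added example: builds the three workaround commands for one device from the
# exported devices list. Run on the admin workstation, not on the endpoint.
# ASSUMPTION: the device-name column header is "Device Name"; adjust it to
# match the header in your export. "S1 Passphrase" is the column the article names.

function Get-S1ReconnectCommands {    # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Rows,        # rows from Import-Csv
        [Parameter(Mandatory)] [string]   $DeviceName,
        [string] $NameColumn = 'Device Name'            # assumed header
    )

    # Exactly one row must match; an ambiguous name could unprotect the wrong agent.
    $hits = @($Rows | Where-Object { $_.$NameColumn -eq $DeviceName })
    if ($hits.Count -eq 0) { throw "No row for device '$DeviceName'." }
    if ($hits.Count -gt 1) { throw "'$DeviceName' matches $($hits.Count) rows; resolve manually." }

    $pass = $hits[0].'S1 Passphrase'
    if ([string]::IsNullOrWhiteSpace($pass)) { throw "Row for '$DeviceName' has no S1 Passphrase." }
    $pass = $pass.Trim()

    # Refuse values that cmd.exe would interpret instead of passing through.
    if ($pass -match '["%^&|<>]') { throw 'Passphrase contains cmd.exe metacharacters; enter it by hand.' }

    # Quote the passphrase so a value containing spaces reaches sentinelctl as one argument.
    @(
        "sentinelctl unprotect -b -k `"$pass`""
        'sentinelctl unquarantine_net'
        'sentinelctl protect'
    )
}

# Constructed sample standing in for the downloaded CSV.
# Real use: $rows = Import-Csv .\devices.csv
$rows = @'
"Device Name","S1 Passphrase"
"LAB-PC-01","EXAMPLE WORDS ONLY NOT REAL"
"LAB-PC-02","ANOTHER CONSTRUCTED SAMPLE VALUE"
'@ | ConvertFrom-Csv

Get-S1ReconnectCommands -Rows $rows -DeviceName 'LAB-PC-01'
```

Run the printed lines in the elevated Command Prompt from the Sentinel Agent directory, and delete the downloaded CSV once the endpoint has reconnected.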