Ventura firewall mobileconfig fails to install #173

Closed
opened 2026-01-19 18:29:30 +00:00 by michael · 5 comments

Originally created by @bernstei on GitHub.

Originally assigned to: @robertgendler on GitHub.

The `com.apple.security.firewall.mobileconfig` generated by the `dev_ventura_stig` branch cannot be installed on Ventura 13.4. It fails with the message

```
The payload "alacarte.macos.stig....." is missing the required key "EnableFirewall".
```

It appears to set `EnableStealthMode`, but maybe anything having to do with the firewall also requires the `EnableFirewall` key as well now? I'm not sure what value you'd want to default to, though, since presumably some people might want the Apple firewall while others might want some third party firewall.

I've attached the file (renamed to .txt)

[com.apple.security.firewall.mobileconfig.txt](https://github.com/usnistgov/macos_security/files/11560361/com.apple.security.firewall.mobileconfig.txt)


@bernstei commented on GitHub:

I have confirmed that adding EnableFirewall true does allow the mobileconfig to install, BTW.


@robertgendler commented on GitHub:

This is in `dev_ventura_stig`


@robertgendler commented on GitHub:

We missed the stig controls on `system_settings_firewall_enable`

But I think it would make sense for us to add the enable firewall stuff to stealth mode as well since it won't work without it.


@robertgendler commented on GitHub:

This was merged into main. Closing the issue.


@robertgendler commented on GitHub:

Good find. I guess we have to add the key to enable the firewall to this control.

Did we miss labeling the enable firewall with a stig label maybe?
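
A pre-deployment check for the failure reported in this thread, as an added example (not code from the macos_security project): it parses an unsigned `.mobileconfig` and flags any `com.apple.security.firewall` payload that lacks `EnableFirewall`, or that sets `EnableStealthMode` while the firewall is off. The function names, sample identifiers and UUIDs are constructed for illustration.

```python
import plistlib

FIREWALL_TYPE = "com.apple.security.firewall"

def firewall_payload_problems(profile_bytes):
    """Return problems found in the firewall payloads of an unsigned profile."""
    # Assumption: the profile is an unsigned plist; a signed (CMS-wrapped)
    # .mobileconfig has to be unwrapped before plistlib can parse it.
    profile = plistlib.loads(profile_bytes)
    problems = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != FIREWALL_TYPE:
            continue
        ident = payload.get("PayloadIdentifier", "<no PayloadIdentifier>")
        if "EnableFirewall" not in payload:
            # The condition Ventura 13.4 rejected at install time in this thread.
            problems.append(f'{ident}: missing required key "EnableFirewall"')
        elif payload["EnableFirewall"] is not True and payload.get("EnableStealthMode"):
            # Stealth mode has no effect while the firewall itself is off.
            problems.append(f"{ident}: EnableStealthMode set but firewall not enabled")
    return problems

def sample_profile(firewall_keys):
    """Build a constructed, unsigned profile holding one firewall payload."""
    payload = {
        "PayloadType": FIREWALL_TYPE,
        "PayloadIdentifier": "example.firewall.payload",  # constructed value
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",  # constructed
        "PayloadVersion": 1,
        **firewall_keys,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "example.firewall.profile",  # constructed value
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",  # constructed
        "PayloadVersion": 1,
        "PayloadContent": [payload],
    }
    return plistlib.dumps(profile)

if __name__ == "__main__":
    cases = (
        {"EnableStealthMode": True},                            # as reported
        {"EnableFirewall": True, "EnableStealthMode": True},    # with the key added
        {"EnableFirewall": False, "EnableStealthMode": True},   # installs, but inert
    )
    for keys in cases:
        print(keys, "->", firewall_payload_problems(sample_profile(keys)) or "ok")
```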


Reference: usnistgov/macos_security#173