brentil
Reliable Contributor
Message 1 of 16

ENS Firewall extension 10.7.0.843 issue or limitation?

I updated our extensions in ePO yesterday to the latest Feb 2021 releases so the ENS Firewall extension is now 10.7.0.843 in our ePO 5.10 Update 9 on prem solution.  Today I went to update an ePO -> Firewall Catalog -> Network entry which is a list of blocked IPs.  The current Network item has 64 IPs in it and I'm trying to add a 65th now.  It allows me to Save the Network entry but when I click Ok on the next page that warns "The root item in the tree below is about to be saved. Changes to that item will be propagated to all the objects that contain that item. You may break dependencies to prevent change propagation." instead of then propagating the change to all the Policies using it, it instead errors saying "An unexpected error occurred." and the Network entry if you go back to it no longer has the IPs that were added to it.

I can make an all new Network entry with a single IP in it and then add that to the Rule that uses the above Network entry that keeps failing.  That successfully allowed me to save out and propagate the new blocked IP.  I then edited that Network item and was able to add a 2nd IP to it and save it out.

We have another system running HIPS Firewall still and it allows us to go beyond 64 entries per Network entry as I just saved the same set of IPs to it right before trying the ENS Firewall update.

Is this a bug in the new extension or a limitation in firewall Network items?  If it's a limitation, throwing an error after the Save is completed successfully on another screen seems rather odd.

15 Replies
Former Member
Not applicable
Message 2 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Hello,

Thank you for reaching the McAfee community.

I reviewed your post, to further assist you with the query, can you share a copy of your policy, so that we can try to check on our test machine and help you/suggest you.

I look forward to your reply.

brentil
Reliable Contributor
Message 3 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

I've attached a zip file with an export of the Firewall Catalog -> Network item I'm trying to update and the Firewall Catalog -> Rule that is using it.  This Rule is used in a number of Firewall policies to block IPs which are pretty much just copies of the built in default policies.

Former Member
Not applicable
Message 4 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Hello,

I couldn't find the attachment to this post, so it took time to reply to your post.

Can you try to attach the policy once again to the post?

I look forward to your reply.

brentil
Reliable Contributor
Message 5 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

File is now attached to my previous post.

Former Member
Not applicable
Message 6 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Hello,

I tried to import the policies to my ePO but I am getting the below error. Could you share a fresh copy of the policy along with a screenshot of the 65th entry that you are making?

01Capture.PNG

brentil
Reliable Contributor
Message 7 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Because they weren't policies, they're individual Firewall Catalog Rule and Network items.

brentil
Reliable Contributor
Message 8 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Below is a screenshot of the Firewall Catalog -> Network item I'm trying to update showing the new 65th item at the bottom.  I can click Save and it goes to the next page to then inform me this will impact existing rules and if I want to continue.  When I hit OK, that is when it errors and it removes the changes I've made.

brentil
Reliable Contributor
Message 9 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

I've found that if a Firewall Catalog -> Network -> List does not contain an address type of Subnet, you can have more than 65 entries; as soon as you add in a Subnet address type, making the list longer errors.

EDIT:  I've found I can't save any Network list that has a Subnet in it at all anymore.  I tried making a new test Network entry and just added a single Subnet address type (1.1.1.0/24) and it errors as soon as I try to save it.

EDIT 2: If I do an Address Type of Range instead and do 1.1.1.0-1.1.1.255, those I can save.
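
The workaround described in the post above (entering a subnet as a Range instead of a Subnet), as an added example that is not part of the original post and is not McAfee code: a Python helper that rewrites the CIDR entries of a block list as equivalent first-last ranges before they are entered into the Network item. The `Single` type label, the function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress

def to_catalog_entry(text):
    """Return (address_type, value) using only Single and Range types."""
    text = text.strip()
    if "-" in text:  # already a range: validate both ends and their order
        lo_s, hi_s = (p.strip() for p in text.split("-", 1))
        lo, hi = ipaddress.ip_address(lo_s), ipaddress.ip_address(hi_s)
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {text}")
        return ("Range", f"{lo}-{hi}")
    if "/" in text:  # CIDR subnet: strict=True rejects entries with host bits set
        net = ipaddress.ip_network(text, strict=True)
        if net.num_addresses == 1:
            return ("Single", str(net.network_address))
        # Same span the Subnet type would cover, e.g. 1.1.1.0/24 -> 1.1.1.0-1.1.1.255
        return ("Range", f"{net.network_address}-{net.broadcast_address}")
    return ("Single", str(ipaddress.ip_address(text)))  # "Single" label is assumed

def convert_blocklist(lines):
    """Convert raw block-list lines; return (entries, rejected) without duplicates."""
    entries, rejected, seen = [], [], set()
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            entry = to_catalog_entry(line)
        except ValueError as exc:
            # Never guess at a malformed block entry; report it for review
            rejected.append((line.strip(), str(exc)))
            continue
        if entry not in seen:
            seen.add(entry)
            entries.append(entry)
    return entries, rejected

# Constructed sample input (documentation addresses plus the subnet from the post)
SAMPLE = [
    "203.0.113.7",
    "1.1.1.0/24",
    "198.51.100.0/30",
    "1.1.1.0-1.1.1.255",   # duplicate of the /24 once converted
    "192.0.2.1/24",        # host bits set: rejected rather than silently widened
    "not-an-ip",
]

if __name__ == "__main__":
    ok, bad = convert_blocklist(SAMPLE)
    for kind, value in ok:
        print(f"{kind:6} {value}")
    for raw, why in bad:
        print(f"REJECTED {raw}: {why}")
```
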

AdithyanT
McAfee Employee
Message 10 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Hi @brentil,

Thank you for your continuous updates and our sincere apologies for the delay here.

I was able to reproduce the issue in house.

Certainly looks like a limitation to me; however, we may need an official statement from Engineering to confirm the same.

May I request you to have a support request logged with us referring to this post so that we can have this looked into internally and get back to you with an assuring update?


Thanks and regards,
Adithyan T