I updated our extensions in ePO yesterday to the latest Feb 2021 releases, so the ENS Firewall extension is now 10.7.0.843 in our ePO 5.10 Update 9 on-prem solution. Today I went to update an ePO -> Firewall Catalog -> Network entry which is a list of blocked IPs. The current Network item has 64 IPs in it and I'm trying to add a 65th now. It allows me to Save the Network entry, but when I click Ok on the next page that warns "The root item in the tree below is about to be saved. Changes to that item will be propagated to all the objects that contain that item. You may break dependencies to prevent change propagation.", instead of then propagating the change to all the Policies using it, it errors saying "An unexpected error occurred." and the Network entry, if you go back to it, no longer has the IPs that were added to it.
I can make an all new Network entry with a single IP in it and then add that to the Rule that uses the above Network entry that keeps failing. That successfully allowed me to save out and propagate the new blocked IP. I then edited that Network item and was able to add a 2nd IP to it and save it out.
We have another system running HIPS Firewall still and it allows us to go beyond 64 entries per Network entry as I just saved the same set of IPs to it right before trying the ENS Firewall update.
Is this a bug in the new extension or a limitation in firewall Network items? If it's a limitation, throwing an error after the Save is completed successfully on another screen seems rather odd.
Thank you for reaching out to the McAfee community.
I reviewed your post. To further assist you with the query, can you share a copy of your policy so that we can try to check it on our test machine and help you/suggest to you?
I look forward to your reply.
I've attached a zip file with an export of the Firewall Catalog -> Network item I'm trying to update and the Firewall Catalog -> Rule that is using it. This Rule is used in a number of Firewall policies to block IPs, which are pretty much just copies of the built-in default policies.
I couldn't find the attachment to this post, which is why it took time to reply to your post.
Can you try to attach the policy once again to the post?
I look forward to your reply.
I tried to import the policies to my ePO but I am getting the below error. Could you share a fresh copy of the policy along with a screenshot of the 65th entry that you are making?
Below is a screenshot of the Firewall Catalog -> Network item I'm trying to update, showing the new 65th item at the bottom. I can click Save and it goes to the next page to then inform me this will impact existing rules and ask if I want to continue. When I hit OK, that is when it errors and it removes the changes I've made.
I've found that if a Firewall Catalog -> Network -> List does not contain an address type of Subnet, you can have more than 65 entries; as soon as you add in a Subnet address type, making the list longer errors.
EDIT: I've found I can't save any Network list that has a Subnet in it at all anymore. I tried making a new test Network entry and just added a single Subnet address type (188.8.131.52/24) and it errors as soon as I try to save it.
EDIT 2: If I do an Address Type of Range instead and do 184.108.40.206-220.127.116.11, those I can save.
Thank you for your continuous updates and our sincere apologies for the delay here.
I was able to reproduce the issue in house.
Certainly looks like a limitation to me; however, we may need an official statement from Engineering to confirm the same.
May I request you to have a support request logged with us referring to this post so that we can have this looked into internally and get back to you with an assuring update?