cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Hi @brentil Please see the KB below.

KB94226 - Unable to edit a policy that contains a Subnet value using CIDR notation
https://kc.mcafee.com/corporate/index?page=content&id=KB94226

brentil
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 12 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Excellent, subscribed to the article for upcoming resolution.  

ezim
Level 9
Report Inappropriate Content
Message 13 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Hello @ktankink ,

Have you guys got an estimate on when this issue is likely to be fixed?

I'd rather not implement workarounds or reconfigure firewall rules if a fix is to be expected soon.

 

Thank you

ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 14 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Hi @ezim I can't share an exact date, but this is tentatively scheduled for a late April fix.  I would recommend implementing the workaround though as it's just a single file replacement and it doesn't require anything special beyond that.  Simply reloading the ePO Policy Catalog page for ENS Firewall will implement workaround the issue with the new ip.js file from the KB (e.g., no need to restart ePO services, etc.)

Or avoid using any Subnet CIDR values in your firewall rules for now.  Alternatively, you can also use Subnet Range values instead and they would still be the same subnet entries as defined with CIDR notation values.

ezim
Level 9
Report Inappropriate Content
Message 15 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Hello @ktankink 

Thank you for your reply.

Am I correct in thinking then, that the issue only occurs if you try to update a firewall policy or "Firewall Catalog - Network" entry after the extension has been updated to 10.6.1.1489 (Feb 21 update) and the ip.js file has not been replaced?

The KB94226 mentions to export the FW policies and after replacing the ip.js file importing them again.
Is this only necessary if you've already got "broken" policies?

ktankink
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 16 of 16

Re: ENS Firewall extension 10.7.0.843 issue or limitation?

Hi @ezim 

  • The issue (affecting FW policies or Catalog entries) only occurs after you upgrade to the ENS 10.6.1 or 10.7 Feb2021 Extension Update (and if the KB ip.js file is not implemented).
  • The ip.js file replacement is to prevent the issue from occurring and includes the same fix that will be in the future solution.
  • Having an export of the Firewall policies is suggested anytime changes are being made to the ePO server or having a good ePO database backup.
  • If any firewall policies are affected by this issue, they will need to be corrected by McAfee Support.  The workaround/solution does not fix any affected policies.
  • Alternatively, if you have a backup of the Firewall policies, you can restore those policies back to an unaffected state.
  • If you don't have the KB94226 ip.js file replacement: avoid using the Subnet CIDR values.
  • If you do have the KB94226 ip.js file replacement: fix the affected firewall policies (either through restoring backups or via McAfee Support) and continue using the Subnet CIDR values.
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community