greatscott
Level 12

Firewall issue

Has anyone run across an issue where a system continues to receive blocks on the firewall when there are already rules to permit the activity?

For example, the user has a firewall policy with a CAG in it. Within the CAG is an allow all. The criteria of the CAG were met, by being within a certain IP range. The traffic is typical IP traffic for 389, 445, etc. This system was recently upgraded to HIPS 8. The product was also removed (with the HIPS ripper tool), then reinstalled fresh, and it still continues to display this behavior.

Message was edited by: greatscott on 12/19/13 7:31:46 AM CST
0 Kudos
3 Replies
McAfee Employee

Re: Firewall issue

Verify the system is matching the CAG properly.  Enable debug logging, review the Firesvc.log file, and look for "Currently Active Locations".  Verify the adapter matches the CAG and also the network traffic is coming in/out of that specific adapter & IP address.

0 Kudos
greatscott
Level 12

Re: Firewall issue

Any idea on how to open the firesvc.log file after it's been logging for a while? When the log viewer opens, it completely bombs out, I'm assuming from the log size.

0 Kudos
McAfee Employee

Re: Firewall issue

Use a better word editor than Notepad/Wordpad; there are plenty of alternatives (e.g., Notepad++, Textpad, etc.).

0 Kudos
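An added example, not part of the original thread and not McAfee code: one way to pull the "Currently Active Locations" entries out of a debug log that is too large for a viewer, by streaming it line by line and keeping a few lines after each match. The sample log lines and their format are constructed for the demo, and the BOM-based encoding check is an assumption, since the thread does not say how Firesvc.log is encoded.

```python
import codecs
import os
import tempfile

MARKER = "Currently Active Locations"  # string named in the reply above

def detect_encoding(path):
    """Choose a decoder from the byte-order mark; fall back to UTF-8."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return "utf-16"
    return "utf-8-sig"  # also reads plain UTF-8/ASCII without a BOM

def find_marker(path, marker=MARKER, context=3):
    """Stream the log; return [(line_no, [marker line, following lines...])]."""
    hits, remaining, needle = [], 0, marker.lower()
    with open(path, encoding=detect_encoding(path), errors="replace") as fh:
        for line_no, line in enumerate(fh, start=1):  # one line in memory at a time
            text = line.rstrip("\r\n")
            if needle in text.lower():
                hits.append((line_no, [text]))
                remaining = context
            elif remaining:
                hits[-1][1].append(text)
                remaining -= 1
    return hits

def build_sample_log():
    """Write a constructed log (line format invented for this demo)."""
    lines = [
        "07:01:10 debug: service start",
        "07:01:11 debug: Currently Active Locations",
        "07:01:11 debug:   location entry A",
        "07:01:11 debug:   location entry B",
        "07:01:12 debug: unrelated line",
        "07:05:40 debug: currently active locations",
        "07:05:40 debug:   location entry A",
    ]
    fd, path = tempfile.mkstemp(suffix=".log")
    with os.fdopen(fd, "w", encoding="utf-16", newline="\r\n") as fh:
        fh.write("\n".join(lines) + "\n")
    return path

if __name__ == "__main__":
    sample = build_sample_log()
    for line_no, block in find_marker(sample, context=2):
        print(f"line {line_no}:", *block, sep="\n")
    os.remove(sample)
```

To use it on a real system, pass the path of the actual Firesvc.log to `find_marker` and raise `context` until the whole location listing after each marker is captured.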