McDuff
Level 10

Identifying the unsupported protocols that are being blocked by HIPS 8 firewall


Greetings

Does anyone know how to identify what unsupported protocols are being blocked by the HIPS firewall?  This is what I'm seeing in the logs:

I also see this article https://kc.mcafee.com/corporate/index?page=content&id=KB66899  which talks about how we can disable blocking unsupported protocols, but I'd like to know what these protocols that are being blocked actually are.


Accepted Solutions
McAfee Employee

Re: Identifying the unsupported protocols that are being blocked by HIPS 8 firewall


Enable HIPS debug logging and review the debug Firesvc.log file for the Ethernet type value.  You'll then have to find out what the Ethernet Type value is associated with, such as https://en.wikipedia.org/wiki/EtherType

06/10/2016 09:06:34.831 FireCore.cpp[6144]VERBOSE  (2988) handleNotificationEventLog() - traffic event received:
Mode = traffic
Process id = 0
Event type = FW_LOG_EVENT_TYPE_TRAFFIC
Direction = FW_DIRECTION_INBOUND
Action = FW_ACTION_ALLOW
Source port = 138
Dest port = 138
Ip protocol = 17
Ethernet type = 0x800
Process path =
Local ip addr = 192.168.2.255
Remote ip addr = 192.168.2.102
Source MAC = 00-50-56-01-04-66-00-00
Dest MAC = ff-ff-ff-ff-ff-ff-00-00
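
Added example, not part of the original thread and not McAfee code: a Python script that pulls the "Ethernet type" field out of each traffic event in debug-log text laid out like the excerpt above and counts the non-IP values with a protocol name. The function names, the small EtherType table and the choice of IPv4/ARP/IPv6 as the "IP family" are assumptions of this example; the first sample record is trimmed from the excerpt above and the others are constructed.

```python
import re
from collections import Counter

# A few well-known EtherType assignments; extend from the IEEE registry as needed.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x88CC: "LLDP",
              0x888E: "EAPOL (802.1X)", 0x9000: "Ethernet Configuration Testing Protocol"}
IP_FAMILY = {0x0800, 0x0806, 0x86DD}  # assumption: what IP-based rules can describe
EVENT_START = "handleNotificationEventLog() - traffic event received:"
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*=\s*(.*)$")

def parse_events(text):
    """Return one dict of 'key = value' fields per traffic event record."""
    events, current = [], None
    for line in text.splitlines():
        if EVENT_START in line:
            events.append(current := {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
        elif line.strip():
            current = None  # any other log line ends the record
    return events

def describe(value):
    if value <= 0x05DC:  # 1500 or less is an 802.3 length field, not an EtherType
        return "802.3 length field (LLC frame)"
    return ETHERTYPES.get(value, "not in table, check the IEEE registry")

def non_ip_summary(text):
    """Count non-IP EtherTypes as (hex value, description, occurrences)."""
    counts = Counter()
    for event in parse_events(text):
        raw = event.get("Ethernet type", "")
        if re.fullmatch(r"0x[0-9a-fA-F]+", raw) and int(raw, 16) not in IP_FAMILY:
            counts[int(raw, 16)] += 1
    return [(f"0x{v:04x}", describe(v), n) for v, n in counts.most_common()]

# First record trimmed from the thread's log; the others are constructed samples.
H = "FireCore.cpp[6144]VERBOSE  (2988) " + EVENT_START
SAMPLE = f"""06/10/2016 09:06:34.831 {H}
Ethernet type = 0x800
06/10/2016 09:06:35.102 {H}
Ethernet type = 0x9000
06/10/2016 09:06:36.417 {H}
Ethernet type = 0x9000
06/10/2016 09:06:37.003 {H}
Ethernet type = 0x26
"""

if __name__ == "__main__":
    print(*non_ip_summary(SAMPLE), sep="\n")
```

To use it on a real log, pass the contents of the debug Firesvc.log to `non_ip_summary` instead of `SAMPLE`.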

5 Replies
McDuff
Level 10

Re: Identifying the unsupported protocols that are being blocked by HIPS 8 firewall


Thanks I'll try that right now.

McDuff
Level 10

Re: Identifying the unsupported protocols that are being blocked by HIPS 8 firewall


Sorry for the very delayed response.  Yes, that worked, I was able to identify the protocol (0x9000 - Ethernet Configuration Testing Protocol).  Appreciate the tip


So I guess my next obvious question is would it be a good or a bad practice to enable the option "Allow traffic for unsupported protocols"?  I'm not entirely familiar with this Ethernet testing protocol, but I'm told it's for checking for duplicate IPs.

silvind
Level 7

Re: Identifying the unsupported protocols that are being blocked by HIPS 8 firewall


Good afternoon,

What group do I have to follow in order to get assistance with HIPS?

McDuff
Level 10

Re: Identifying the unsupported protocols that are being blocked by HIPS 8 firewall


This is the correct forum; you can post your questions here.
