I think this error is stopping an application from working correctly. How would I go about allowing it?
Time: 8/2/2010 9:42:20 AM
IP Address/User: 0.0.0.0
Message: Blocked Incoming Non-IP Protocol : 0x26
I'm having the same issue except my HIPS 8.0 FW is stating "Blocked Incoming Non-IP Protocol 0x6002" and I have the option to Allow traffic for unsupported protocols checked for both HIPS 7.0 and 8.0 policies, even though my clients are primarily inheriting 8.0 policies. If these two options are enabled, meaning pass the unsupported ip protocol traffic through (allow), how come my Activity Log is still being inundated with these messages? Any suggestions as to what more I can do to clear these up?
I'd greatly appreciate it.
Much appreciation for your reply back regarding 0x6002 being blocked via my HIPS 8.0 FW policy.
So here's the thing, I went ahead and created the FW rule as you suggested, pushed it to the endpoints via wake up call's, and the FW policy within the endpoint HIPS UI shows that the new rule has been added, yet the Activity Log continues to show that it is being blocked.
Any ideas of what I could do to get this to not be blocked?
Thanks so much for your help, Kary!
I'm sorry for cutting that off...the Block All Traffic is the rule that is blocking it. But, that is an in-place inherited rule that, if I understand correctly, I cannot modify...
Correct. For a test, make sure this rule is at the top of the Firewall Rule policy, and not in a LAG (Location Aware Group).
I would suggest opening a Service Request to have Support look at this. Your rule should be allowing this. Enable HIPS debug logging, and provide a MER to the support tech.
KB72869 - How to enable Host Intrusion Prevention 7.0/8.0 debug logging