I am posting this here so that others who are working with the McAfee firewall may benefit from my experience.
Troubleshooting firewall blocks on a Mac is not a trivial task. You can use adaptive move to help determine what rules you need, but the logging leaves something to be desired. The first step is to enable logging for the Firewall product on Mac.
There is a McAfee KB that explains how to do this.
Basically you want to change the debug level from ERROR to INFO(or DEBUG if necessary). At the error log level, it does not appear that any firewall denies or allows are logged.
From a terminal window type the following:
sudo sysctl kern.com_mcafee_firewall_log=4
This will dump all the mcafee firewall related logs to /var/log/system.log. After a while I found this was less then desirable and made it difficult to troubleshoot firewall problems. I realized the best thing to do is to segregate these into their own file so we can use log rotation, compression, etc. To do this edit the ASL config file. This file is located in /etc/asl.conf. It is best to edit this from the terminal using nano or someone text editor.
Add the following 4 lines directly above the line that says "# Rules for /var/log/system.log"
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.