cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

An unexpected error occurred while editing an ENS firewall policy

Jump to solution

Using ePO 5.10 patch 7, brand newer server and fresh install of ePO. Using latest ePO ENS extensions.

So I created a fw rule for ENS and saved the policy. Now, every time I try to get back into the main policy, I get "an unexpected error occurred". Remembering this from my HIPS days, I'm certain I wrote an invalid rule. (Crazy (to me) that ePO will still let you save an invalid rule that corrupts the policy)).... well, I'm 99% certain that this is the problem. I opened an SR with support but wanted to see if anyone here ran into this before and has a fix.

THANKFULLY, I created a backup of the firewall policy earlier in the day and it saved me but is there any way to recover a corrupted policy?

 

Labels (1)
1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 12

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

Ok, when you enable policy approvals, all global administrators are automatically approvers.  If I, as an admin, make a change to a policy and submit it for review, I cannot approve my own policy.  In the policy catalog you will see pending approvals.  As the one that made the change, I can only view.  If I log in as other global admin, then I have option to approve or reject.  The same goes with client tasks, which can help reduce unwanted deployments made in error.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

11 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 12

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

Not really.  Any time I have dealt with corrupt policies, they need deleting.  I would suggest deleting it, then re-import your backup copy of it.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

Do you think it's possible to build logic into ePO so that it won't let you save a malformed policy?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 12

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

That would be an awesome feature.  Please submit that per kb60021.  Yes, you would think it should already be there, but one thing might help.  ePO 5.10 has an approval feature where a policy can be saved in a temporary state until it is approved by someone with approval rights.  That would prevent any original policy from being overwritten and when approver tries to open it to review changes and gets unexpected error, that would be good reason to discard the changes so your original policy would stay intact.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

That's good to know.... about the approval stuff. I was poking around in there and just had a quick question. Since this is our production environment, I need to be extra careful..... 🙂 ..... my entire team, we're all admins. Dumb question but if I check the box stating that even admins need approval, I'll be able to approve my own change, right? (Don't want to get into a situation where I check that box and now all of a sudden, nobody in my team can do anything and I created a negative feedback loop and we're locked out or something)

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 12

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

I don't believe you can approve your own policy changes, so I would suggest maybe 2 approvers so that you can approve each other's changes.  Let me test your scenario first please.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 12

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

Ok, when you enable policy approvals, all global administrators are automatically approvers.  If I, as an admin, make a change to a policy and submit it for review, I cannot approve my own policy.  In the policy catalog you will see pending approvals.  As the one that made the change, I can only view.  If I log in as other global admin, then I have option to approve or reject.  The same goes with client tasks, which can help reduce unwanted deployments made in error.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

View solution in original post

Highlighted

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

We did our testing over here and everything looks AOK!

I do have one final question.... do you know how to create a bad rule and corrupt the policy? 🙂 While doing my testing just now, I tried to do what I could have sworn corrupted the other policy and it was fine. I want to get the policy busted and see that brokenness while the policy is in review state.

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 12

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

That you might want to ask the ENS team about.  I don't support that product, so I don't know what would be any invalid entry.  Do you know what you entered before when it apparently broke the policy?  

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: An unexpected error occurred while editing an ENS firewall policy

Jump to solution

I -think- the rule I created that killed my policy was creating a rule that had two EXEs listed in a single rule. We've been creating rules in the new policy for many many weeks with no issues. This new rule was the first time I created a rule in the new policy that listed two EXEs. Maybe that was it, maybe not but I'll post in the ENS firewall section and ask about how to create a bad policy.

I'll mark your 'approval feature' reference as a solution. Thanks for your time!

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community