When I put the firewall in learn mode, vCenter starts up without a problem because all applications and ports are allowed.
FYI, HIPS Learn mode does not allow all traffic. It works exactly the same as Adaptive mode, except that Learn mode displays user prompts to ALLOW/BLOCK traffic, whereas Adaptive mode makes an automatic ALLOW choice.
The two applications\ports that are getting blocked are:
- Microsoft.Active.Directory.WebServices (Microsoft.ActiveDirectory.WebServices.exe) \ LDAP 389. Source and destination are both 127.0.0.1, the IPv4 loopback address.
- Active Directory Lightweight Directory Services (dsamain.exe) \ Port 55966 on source, port 389 on destination. Source and destination are both 0000:0000:0000:0000:0000:0000:0000:0001, the IPv6 loopback address. IPv6 is disabled on the system.
You should have a firewall rule that always allows loopback traffic through the Firewall; this applies to IPv4 127.0.0.1 (and possibly 127.0.0.0/8) traffic, and possibly to the IPv6 loopback address ::1. See McAfee Corporate KB - Host Intrusion Prevention 8.0 Loopback traffic blocked when firewall is enabled KB71230.
The strange thing is that both of the applications are trusted and should be allowed by the firewall.
FYI, the HIPS Trusted Application rule only allows Outbound traffic, though; it does not apply to Inbound traffic (create a separate rule to allow Inbound traffic).
I did check the threats to the system. None showing. I've completely removed HIPS and re-installed it.
FYI, HIPS does not generate "Threat" events for Firewall activity (Blocked/Allow traffic). Monitor the HIPS Activity log for ALLOWED/BLOCKED traffic (enable the LOG ALL ALLOWED/BLOCKED TRAFFIC filter options as needed).
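To make the two points in the replies above concrete (a Trusted Application rule covers outbound traffic only, and a loopback rule has to cover both 127.0.0.0/8 and ::1), here is an added example that models a first-match firewall policy in Python and runs it over records built from the addresses and ports quoted in this thread. It is illustrative code written for this page, not McAfee's HIPS rule engine or log format; the rule names, the `Event` record layout and the ephemeral source port 50000 for the ADWS connection are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Event:
    """One firewall decision point. 'in' is the listener side of a connection,
    'out' is the client side; a loopback connection produces both."""
    app: str
    direction: str
    src: str
    sport: int
    dst: str
    dport: int

# A rule is (name, match predicate, action). First match wins (assumed model).
Rule = Tuple[str, Callable[[Event], bool], str]

def is_loopback(addr: str) -> bool:
    # ipaddress classifies all of 127.0.0.0/8 and ::1 as loopback, so one
    # predicate covers both address families seen in the thread.
    return ipaddress.ip_address(addr).is_loopback

def trusted_application_rule(apps: List[str]) -> Rule:
    # Mirrors the reply above: trusted applications get OUTBOUND traffic only.
    trusted = {a.lower() for a in apps}
    return ("Trusted applications (outbound only)",
            lambda e: e.direction == "out" and e.app.lower() in trusted,
            "ALLOW")

def allow_loopback_rule() -> Rule:
    # The KB-style fix: allow traffic whose source and destination are both loopback,
    # in either direction.
    return ("Allow loopback",
            lambda e: is_loopback(e.src) and is_loopback(e.dst),
            "ALLOW")

def evaluate(event: Event, rules: List[Rule], default: str = "BLOCK") -> Tuple[str, str]:
    """Return (action, rule name); unmatched traffic falls through to the default."""
    for name, matches, action in rules:
        if matches(event):
            return action, name
    return default, "default"

def decisions(rules: List[Rule], events: List[Event]) -> Dict[Tuple[str, str], str]:
    return {(e.app, e.direction): evaluate(e, rules)[0] for e in events}

TRUSTED_APPS = ["Microsoft.ActiveDirectory.WebServices.exe", "dsamain.exe"]

# Constructed records using the endpoints reported in the thread (the ADWS
# client source port is assumed; the thread does not give it). The last record
# is a non-loopback, untrusted connection included as a control.
EVENTS = [
    Event("Microsoft.ActiveDirectory.WebServices.exe", "out", "127.0.0.1", 50000, "127.0.0.1", 389),
    Event("Microsoft.ActiveDirectory.WebServices.exe", "in",  "127.0.0.1", 50000, "127.0.0.1", 389),
    Event("dsamain.exe", "out", "::1", 55966, "::1", 389),
    Event("dsamain.exe", "in",  "::1", 55966, "::1", 389),
    Event("unknown.exe", "in", "203.0.113.7", 44444, "192.0.2.10", 389),
]

def compare() -> Tuple[Dict[Tuple[str, str], str], Dict[Tuple[str, str], str]]:
    """Decisions with only the Trusted Application rule, then with Allow loopback added."""
    trusted_only = [trusted_application_rule(TRUSTED_APPS)]
    with_loopback = [allow_loopback_rule()] + trusted_only
    return decisions(trusted_only, EVENTS), decisions(with_loopback, EVENTS)

if __name__ == "__main__":
    before, after = compare()
    for key in before:
        print(f"{key[0]:45s} {key[1]:3s} trusted-only={before[key]:5s} with-loopback={after[key]}")
```

Running it shows the symptom from the thread: with only the Trusted Application rule, both outbound records are allowed but the inbound side of each loopback connection (127.0.0.1:389 and [::1]:389) is blocked; adding the loopback rule allows both sides while the non-loopback control connection stays blocked. The IPv6 record is blocked even though IPv6 is disabled on the host, which is why the loopback rule should name ::1 as well as 127.0.0.0/8.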
That was it: Allow Loopback.
That solved my problem. Thank you very much. We've been searching for an answer for that for a long time. We also had the same issue with DNS.