4 Replies Latest reply on Dec 15, 2017 11:52 AM by eobiont

    ENS Firewall Catalog Bug

    eobiont

      I have some applications that require multiple rules.  They have multiple applications that need to listen on different ports.

      In order to keep these rules together, I create a group and add the rules to that group.

      So let's say I have a group called "BusinessApp" and it has 4 sub rules.

      Then I have a couple of groups, one called "Outbound Apps Accounting" and "Outbound Apps Auditing".

      If I add the "BusinessApp" group from the catalog to both "Outbound Apps Accounting" and "Outbound Apps Auditing", then the group "BusinessApp" will get listed twice in the Firewall Catalog group list.

      Even though it is listed twice, it only really exists once.  If I rename the first "BusinessApp" group to "BusinessAppA", then the Firewall will now show two "BusinessAppA" groups.

      This causes confusion in the interface because it will have double lists for all groups that appear as a subgroup rule in other parent groups.

      Does anyone have information on how to file bugs?

        • 1. Re: ENS Firewall Catalog Bug
          Kary Tankink

          Which ENS Firewall extension build are you using? Please see if you can reproduce this with the ENS 10.5.3 extension. If so, open a case with McAfee Support with documentation on steps to reproduce. It might be related to the Resolved Issue below.

          McAfee Corporate KB - Endpoint Security 10.5.3 Release Notes PD27192

          1188069 Only one instance of a location now appears in the Firewall Catalog, regardless of how many groups contain the location.

          • 2. Re: ENS Firewall Catalog Bug
            eobiont

            We have installed 10.5.3.  Still have massive duplicates in the network locations (as noted as corrected in 10.5.3).  The group duplication is a similar problem.

            I am not sure if the 10.5.3 extension is supposed to correct the problem, or only correct the problem for future rule creation.

            I have almost a dozen "local subnet" network items because that one appears in many rules.

            There definitely is a change to the way the firewall groups and subgroups show in the Firewall Catalog, but not in a good way.

            When you edit a group that appears as a subgroup in another Group, it shows the first group as a "rule" and the second group as a group.  It is hard to explain without being in the console - but I think the problem is worse with 10.5.3 installed.

            • 3. Re: ENS Firewall Catalog Bug
              youngs

              Hi, I hopefully can shed some light on this... The 10.5.3 extensions fixed most of the duplication issues that we discovered during our first round of testing.

              The issue where you would have a group within a group and it is duplicating is still an outstanding issue; this issue is set to be fixed in 10.5.4 (hopefully Q1 time frame in 2018). I worked with support on these issues and tested POCs for both 10.5.3 and 10.5.4 within our environment. The POC for 10.5.4 I tested did resolve the duplicating groups in the firewall catalog.

              Hope this helps. If you like, let me know and I can probably share our related SR#.

              Scott

              • 4. Re: ENS Firewall Catalog Bug
                eobiont

                Thanks for helping McAfee to test the fix and your offer to share the SR.  I can wait for the hotfix to be released.  It is not blocking anything in the product but it sure makes editing the catalog rules confusing.