If it's an unsupported protocol, the customer might have enabled the Allow Traffic for Unsupported Protocols option in HIPS 7.0 (KB66899), which would have passed this traffic. In HIPS 8.0, this same option exists, however there is added functionality that you don't have to allow ALL unsupported protocol traffic. You can now create a firewall rule based off a specific protocol number.
Find the blocked traffic in the Activity log. Create a firewall rule for that traffic. Depending on how it's logged, it could be unsupported protocols, which you can then create a firewall rule for the specific protcol number to pass.
We have done exaclty what you have suggested, which was to set up a firewall rule that specifically allows IPX, so thank you. That validates our workaround as the appropriate solution for the problem.
However, I can't tell is you are saying that IPX is an unsupported protocol as seen from the HIPS point or view. Am I reading between the lines too much? Also, I am familiar with the unsupported protocol option and we didn't have that selected in our 7.0 policies and that setting migrated over correctly to 8.0. The only change was that IPX was not sorted into an allow rule and fell to the bottom to the block all protocol rule. So was just curious what could possibily have changed.
Thanks again Kary.
How was your firewall rule configured to allow IPX procotol traffic? I only see IPX-IN-IP in the IP Transport Protocol list. I suspect the firewall rule you used is from the Non-IP Protocol list for Novell IPX and Novell IPX (alternate).
In HIPS 7.0, there is an IPX Network Protocol entry to choose from when creating a firewall rule. Did you have this rule before migrating the policies to HIPS 8.0. You might need to open a Service Request for investgation, but as far as I can tell from what you've stated, there was no firewall rule to allow the IPX traffic either because this rule didn't migrate properly from HIPS 7 or a new rule was needed in HIPS 8.0.
I can confirm that we did use the Novell IPX rule. I will consult with the rest of the team about opening an SR for investigation. Thank you.