Just deployed the HIPS 7.x FW in adaptive mode on some test/dev servers and noticed that a lot of things broke. ICMP (obviously) I expected to not work inbound per the documentation, but the weird thing is port 80 and 443 on webservers (some worked, some didn't). Still trying to get a full grasp on what exactly worked and didnt.
What I found in the document at here https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 20000/PD20748/en_US/18-na-cor-hipsatb-001-0808s.pdf is (on page 2) "A rule will not be created by firewall Adaptive Mode if: ... More than one user is logged on to the machien, or no user is logged on to the machine." So, this begs the question, is this firewall product not meant for servers? Most servers don't have someone logged onto them. I can understand Learning Mode where you need to be logged on to click the button, but Adaptive Mode? This could definitely explain the problem I encountered, but I've also seen documentation that doesn't mention that at all.
Is there someone, that can tell me if that's true?