8 Replies Latest reply on Oct 26, 2012 11:15 AM by loaned_brain

    HIP 8.0.0 Incorrectly allow through remote traffic under Allow Loopback rule?

      Hi Everybody,


      I am configuring the firewall for HIP deployment. While testing it, I discovered (HIP window -> Activity Log -> Traffic Logging -> Enable Log All Allowed) that the following traffic occures:


      Allowed Incoming TCP - Source 172.X.X.177: (60153) Destination 10.X.X.213 : ms-ds (445) Allow Loopback


      The packets in question are SMB packets. (Verified with Wireshark on both sending and receiving side)


      I narrowed it down, that the match is based on the "Local IP Address(es) = Any Local IP Address" option.

      Now, this traffic originates from another (physical) computer from a completely different subnet (but same corporate LAN).


      Is this a bug? This behavior is constant. If I disable this rule, the local loopback is disabled from the allowed traffic, I tried it. With this option enabled, the local loopbacks are working fine (and also allowes through other traffic).

      If I messed up something, what do I need to change in order to allow regular loopbacks and filter this odd behavior?




      Loaned Brain



      Security Content