Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
567 Views 3 Replies Latest reply: Nov 27, 2013 8:28 AM by keithdrone RSS
keithdrone Apprentice 56 posts since
Jan 28, 2013
Currently Being Moderated

Oct 30, 2013 4:34 PM

HIPS 8 firewall blocking cisco agent - no evidence

We have a very odd situation,  we have clients with HIPS 8, Windows 7.   They have the Cisco Call Agent, and Cisco Supervisor for our call centers.

 

The ports are documented for the agents and supervisors, and the ports are allowed.  Still the Supervisors cannot 'monitor' the calls occuring on the agents.   The Supervisor communicates with the agents via the UCXX servers

 

We have gone so far as to-

Allow ALL traffic to/from the UCXX servers to the supervisors/agents

Allow ALL traffic from the Cisco Agent/Supervisor application/executables

Disable IPS (though nothing was showing on this anyhow).

Allow ALL traffic to/from Supervisor/Agents individually, to test if anything was passing directly between them.

Disable IP Spoofing and FTP inspection.

 

Regardless, Supervisor is not able to monitor calls on an endpoint with Agents.  When we disable the firewall entirely, it will work.   We cannot find any evidence that additional traffic is being blocked, nothing shows in the Debug logs.   Yet, when we turn 'off' the Firewall in HIPS 8, everything works.

 

All logic tells me that since nothing else is being blocked, this should not be occurring.    I'm grasping at straws, so if anyone has experience with the Cisco Call Agent and Supervisor software when using HIPS 8, please pipe in any data you have.

 

Thank you

  • wkhanagov Newcomer 1 posts since
    Nov 26, 2013

    Hi Keith,

     

    Curious if you found a resolution.  I'm fighting a similar issue.  Just to shed a little light on the way monitoring works.   The the voice conversation is spanned from the voice (switch side) port on the Cisco phone over to the PC port so that the agent application can get the RTP voice traffic (both sides of the conversation).  When the voice monitor is initiated from the supervisor, the agent apps simply streams the conversation to it.  My background is in Cisco voice so I'm not as familiar with the McAfee product, however, working with our internal McAfee SMEs we were able to get one side of the conversation (far end).  When we disable the firewall on the agent phone, the supervisor can hear both sides of the conversation.

     

    If you've had any success in this, please let me know.  It would be greatly appreciated.

     

    -William

  • Kary Tankink McAfee Employee 654 posts since
    Mar 3, 2010

    Try using an "Allow Any/Any" ruleset.  Multiple policy settings need to be changed, not just the Firewall Rules policy.

     

    KB67055 – How to troubleshoot a network facing application,or traffic is blocked by Host Intrusion Prevention firewall

    https://kc.mcafee.com/corporate/index?page=content&id=KB67055

     

    Section: Use the Any-Any rule

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points