1 2 Previous Next 10 Replies Latest reply on Nov 23, 2014 9:05 PM by chanatip

    Problem about with SMC 5.7.1

    chanatip

      Hello Everyone ^^

       

      I have  two questions about with problem of SMC.

       

      I) I have got to create policy then I get validate policies and selecting analyze rule that the rule policy which some duplicate.

         Result in the following message : "Rule@2436.6 is unreachable.The rule @2435.4 is match also same network details." as detail screenshot below.

      Issue1.png

      * In this section I understand.

       

      But I don't know that why when i change service the rule 15.1 to "Any TCP Service" appear that it don't check validate ? as detail screenshot below.

      Issue2.png

      * It's don't validate check that the rule policy duplicate or unreachable. why?



      II) If I want to see log that near full and delete or clear log. I need to do or have a documentation  or method to do ?


      Thank you in advance. ^_^

        • 1. Re: Problem about with SMC 5.7.1
          lnurmi

          Hi!

           

          I) unreachable rule validation with port ranges will be improved in 5.7.4 and 5.8.2 releases: https://my.stonesoft.com/support/document.do?product=StoneGate&docid=1108881 (fixing versions not yet updated to known issue)

           

          II) Do you mean you'd like a notification if the Log Server disk is getting full? Or firewall disk is getting full? In first case Log Server will raise alerts to SMC about this (situations "Log Server: disk is becoming full" and "Log Server: disk full"). Tasks can be scheduled in SMC to automatically delete and/or archive old logs, see Getting Started with Log Data Management

          If firewall disk is getting full the cluster element would go red in SMC and the node would have an exclamation mark on it. The appliance status tab in node info panel would show you what partition is full.

           

          BR,

          Lauri

          • 2. Re: Problem about with SMC 5.7.1
            chanatip

            Hi Lauri ^^

             

            I) Do you mean it's problem version? The SMC version 5.7.4 and 5.8.2 can be verify unreachable rule getting validation?

             

            Thank you in advance.

             

            II) Yes I do. I would like a notification if the Log Server is getting full and I want to delete Log Server if Log Server disk full.

            * I will be experiment the way you suggest.^_^

            • 3. Re: Problem about with SMC 5.7.1
              thyvarin

              Hello,

               

              I) Yes, like known issue mentions, there's issue in how policy validation works in currently available SMC versions, and thus validation doesn't always detect the unreachable rules:

               

              Policy validation may not detect unreachable rules with overlapping Service

              definitions. Two rules with the same Source and Destination definitions and

              overlapping (but not identical) Service destination port ranges do not trigger

              a warning about unreachable rules.

               

              II) Alert is created automatically and it will be visible in SMC active alerts view. If you wish to get e.g. email notification when alert is generated, you'll need to configure alert escalation. For instructions, please see chapter 19 "Alert Escalation" from 5.7 Administrator's Guide (start page 259):

              McAfee KnowledgeBase - Security Management Center (SMC) Administrator’s Guide 5.7

               

              For log task instructions see chapter 60 "Managing Log Data" starting at page 1033.

               

              BR,

              Tero

              • 4. Re: Problem about with SMC 5.7.1
                chanatip

                Hi, Tero ^^

                 

                I ) Ok, If you say that it is SMC versions, if so, you have link download SMC version 5.7.4 or 5.8.2 ? I tried found to it but do not found. as detail screenshot below.

                 

                * I want to download to be zip file for easily installation.

                 

                i1.png

                 

                 

                i2.png

                 

                Thank you in advance

                 

                Regards

                Sarm

                • 5. Re: Problem about with SMC 5.7.1
                  thyvarin

                  Hi,

                   

                  SMC 5.7.4 and 5.8.2 have not been released yet. Thus they are not available for download. I think 5.7.4 should be coming late November or early December.

                   

                  BR,

                  Tero

                  • 6. Re: Problem about with SMC 5.7.1
                    chanatip

                    Hi, again Tero ^^

                     

                    Ok. If so, you have link download SMC 5.7.3  be zip file ?  I see image file only. I want to download SMC 5.7.3 archive and usage for POC to customers for resolve can not view policies rule previous SMC versions.

                     

                    *I'm sorry, my English is not well

                     

                    Thank you in advance.

                     

                    Regards

                    Sarm

                    • 7. Re: Problem about with SMC 5.7.1
                      lnurmi

                      Hi,

                       

                      for the older versions only ISO files are available for download. The content in zip and ISO regarding SMC installer are exactly the same so I would recommend just downloading the ISO, extracting the 'Documentation' and 'McAfee_SMC_Installer' folders from it and zipping those. You may need to install some third party software to mount the ISO to be able to extract the folders.

                       

                      BR,

                      Lauri

                      • 8. Re: Problem about with SMC 5.7.1
                        chanatip

                        Hi, Inurmi

                         

                        Ok,Thanks for your help.^_^

                         

                        Otherwise,I ask one question ?

                        SMC it is detected Management Server that "active - replicate error". Do you know that this problem happen from nothing ?  please see detail as screenshot below.

                        smc.png

                         

                        Regards

                        Sarm

                        • 9. Re: Problem about with SMC 5.7.1
                          pollilai

                          Hello,

                           

                          This problem could be caused by a certificate issue. Check if management server and log server are using certificates signed by different certificate authorities from the 'Internal certificates screen'. If they are, renewing the log server certificate should help. Instructions for renewing the certificate can be found from here:

                           

                          Renewing SMC Server Certificates

                           

                          Br,

                          Pekka

                          1 2 Previous Next