Desktop Firewall 8.5 (skipped rules & patch4 distribution)

Status
Not open for further replies.

TheWOneAndOnly

IS-IT--Management
Sep 10, 2004
30
BE
Hi

Many rules that I distribute via epo are skipped by the firewall on the desktops???

example:
-I created following 2 rules (in epo console):

Rule 1:
  • -Description:Allow Web Outgoing
    -Action:permit
    -Protocol:TCP
    -Direction:Outgoing
    -Application:OUTLOOK.EXE (Match: That Path always and not the fingerprint) Drive: Any Path:Any
    -Local Service(s):Range 1024 - 65535
    -Remote Service(s):List 80, 443, 135
    -Address: Any
    -Log matching traffic: Enabled
    -Active: Enabled

Rule 2:
  • -Description:Block ALL Other Outlook traffic
    -Action:Block
    -Protocol:All IP Protocols
    -Direction:Either
    -Application:OUTLOOK.EXE (Match: That Path always and not the fingerprint) Drive: Any Path:Any
    -Local Service(s):-
    -Remote Service(s):-
    -Address: Any
    -Log matching traffic: Enabled
    -Active: Enabled

-I distribute both rules (that goes all fine)
-Then I start Outlook on a client and check the logs of the firewall with the following conclusions:
  • -Rule 1 works fine
    -Rule 2 is totally ignored???


-What I did then to monitor the problem (on the client side):

1) -I duplicate rule 2 (I call it "Rule 3")
-Then I edit the Application of the rule (because I can't select the "Match" (rule handling) of a locally created rule)
so the rule becomes:

Rule 3:
  • -Description:Block ALL Other Outlook traffic (local rule)
    -Action:Block
    -Protocol:All IP Protocols
    -Direction:Either
    -Application:C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    -Local Service(s):-
    -Remote Service(s):-
    -Address: Any
    -Log matching traffic: Enabled
    -Active: Enabled

-Then I start Outlook on a client and check the logs of the firewall with the following conclusions:
  • -Rule 1 works fine
    -Rule 2 is totally ignored???
    -Rule 3 works fine ??? (Why is the identical rule 2 skipped?)

2) -Then I changed the sequence of the 2 rules on the eposerver (rule2 followed by rule1) and distributed it
so the sequence now is:
  • -Rule 2
    -Rule 1
    -Rule 3
  • -guess what: Rule 2 works 100% OK

So my conclusion till now is that I CAN'T trust this firewall because it skips (critical) rules.



I'm using:
-Eposerver 3.5 (+patch5)
-MDF 8.5 + patch 4


Some other disappointing topics are that:
-MDF 8.5 patch 4 doesn't get distributed via epo???
-When I install MDF 8.5 patch 4 locally via the setup, the About still shows the old build nr 260 instead of 428
but when I check the build version of the files "McAfeeFire.exe", "FireSvc.exe" & "FireTray.exe" in the properties it shows the correct 428


Anyone noticed same strange behaviours?
Or better, has any solutions?


I'm testing MDF 8.5 for a few weeks now.
I started very optimistic but the more I test it the more disappointed I get.


regards
Dave
 