schnibitz

Members
  • Posts

    7

About schnibitz

  • Rank
    Newbie

Profile Information

  • Location
    USA
  1. All, The info tool-tip next to the setting to define ports to allow for custom Firewall rules shows that you can list multiple ports/rule separated by comma, but in my testing, the Endpoint only respects the first port on the list (meaning, it only opens up that port and ignores the rest). If this is true, I'm left with setting up separate rules/port/IP address, which is extremely frustrating and unmanageable. Has anyone overcome this? Thanks!

     Edit: Port ranges do apply.

     Edit2: So I also just changed the policy to the open circle instead of the closed one so that I could edit on the client. Now all of the firewall rules I defined by hand are gone. Deleted. There was no warning of this, ERA just deleted them.

     Edit3: Since I haven't received an answer to this, it should serve as a warning to interested Mac admins. The firewall settings work fine once they're configured, but the way this is implemented, this isn't very manageable. As it turns out, not only do the settings not respect multiple IPs/rule, but they don't respect multiple ports either. So for a particular type of traffic, you may need to define multiple rules for the following considerations: Port, IP, protocol. To allow filesharing traffic (for instance) outbound on managed traffic to three servers, I had to set no less than 15 rules, whereas in other interfaces I only had to define a single rule. So now if I change the IP of any of those servers, I'm changing no less than 5 rules for traffic to that IP. The Windows side seems a bit more manageable, but this is going to be very bad, particularly in cases where I need to define rules for AD communication. I have contacted support directly as well, and while no one is willing to explicitly say it, this feature seems like it could be better implemented.
  2. Thank you. If you don't mind, I'd actually prefer to chat with your support personnel. I wanted to confirm whether this was designed behavior but with your confirmation that it isn't, that gives me a place to begin with them. Thank you!
  3. Hi Everyone, I'm trying to block outgoing traffic on the web ports: 80, 443. This doesn't seem to work even if I create an explicit rule in the personal firewall that limits this traffic. I can use Web Access Protection to block this traffic though. Does the personal firewall ignore rules that apply to these ports in lieu of Web Access Protection? Thanks in advance!
  4. Okay thank you. This follow-up question isn't as important but I wanted to ask anyway. So is it the case that the endpoint OS is communicating IPv4 over IPv6, or the case that ESET is just seeing it that way? If it's the latter, why? Why would it see traffic that way for only that protocol and apparently nothing else?
  5. Thank you for both of the replies. I'll check into all of that and see what I can do. Thanks again!
  6. Everyone, Still new to the policies related to firewalls and ESET/ERA. If I define a policy to allow VNC traffic outbound to a specific IP (192.168.9.251) from the client and deny everything else except ESET policy traffic, I get the following in the logs:

     6/29/17, 2:06:02 PM Communication denied by rule [::ffff:192.168.111.131]:49834 [::ffff:192.168.9.251]:5900 TCP Deny everything else /System/Library/CoreServices/Applications/Screen Sharing.app/Contents/MacOS/Screen Sharing

     I can fix this by changing the rule to allow VNC traffic to that exact IP (::ffff:192.168.9.251). But why? Why doesn't a normal IP designation work? I feel like I'm missing something in my explanation here so please fire away with questions. Hopefully this question still applies since it may not be 100% totally related to ERA.
  7. Hi, I'm trying to get policies to apply to Active Directory groups using my ERA virtual appliance. I see in the dynamic groups you can specify users, but no groups. How do I accomplish what I'm trying to do? Thanks!
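
The log entry quoted in the VNC post above shows both endpoints in IPv4-mapped IPv6 form (`::ffff:a.b.c.d`). The following Python is an added example, not part of any post and not ESET's rule-matching logic: it parses that entry and shows that a comparison sensitive to address family treats `192.168.9.251` and `::ffff:192.168.9.251` as different, while collapsing mapped addresses first reconciles a rule list with the log. All function names are hypothetical.

```python
import ipaddress
import re

# Log entry quoted in the post (timestamp and process path omitted).
LOG_LINE = ("Communication denied by rule [::ffff:192.168.111.131]:49834 "
            "[::ffff:192.168.9.251]:5900 TCP Deny everything else")

# Bracketed address followed by a port, e.g. [::ffff:192.168.9.251]:5900
ENDPOINT = re.compile(r"\[([0-9A-Fa-f:.]+)\]:(\d+)")


def parse_endpoints(line):
    """Return (source, destination), each as an (address, port) tuple."""
    found = [(ipaddress.ip_address(a), int(p)) for a, p in ENDPOINT.findall(line)]
    if len(found) != 2:
        raise ValueError("expected exactly two bracketed endpoints")
    return found[0], found[1]


def canonical(addr):
    """Collapse an IPv4-mapped IPv6 address to plain IPv4; leave others alone."""
    addr = ipaddress.ip_address(addr)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def canonical_net(rule):
    """Same collapse for a rule written as a host or CIDR block."""
    net = ipaddress.ip_network(rule, strict=False)
    mapped = net.network_address.ipv4_mapped if net.version == 6 else None
    if mapped is not None and net.prefixlen >= 96:
        return ipaddress.ip_network(f"{mapped}/{net.prefixlen - 96}", strict=False)
    return net


def naive_match(rule_addr, seen_addr):
    """Family-sensitive comparison: an IPv4 rule never equals an IPv6 address."""
    return ipaddress.ip_address(rule_addr) == ipaddress.ip_address(seen_addr)


def normalized_match(rule, seen_addr):
    """Compare after collapsing mapped addresses on both sides."""
    net, seen = canonical_net(rule), canonical(seen_addr)
    return seen.version == net.version and seen in net
```

Running `normalized_match` over an exported rule list and the logged destinations shows which plain-IPv4 rules refer to the same hosts that the log reports in mapped form.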