
Mac policy Personal Firewall Port issue



The info tool-tip next to the setting to define ports to allow for custom Firewall rules shows that you can list multiple ports/rule separated by comma, but in my testing, the Endpoint only respects the first port on the list (meaning, it only opens up that port and ignores the rest).  If this is true, I'm left with setting up separate rules/port/IP address which is extremely frustrating and unmanageable.  Has anyone overcome this?



Edit: Port ranges do apply.

Edit2: So I also just changed the policy to the open circle instead of the closed one so that I could edit on the client.  Now all of the firewall rules I defined by hand are gone.  Deleted.  There was no warning of this, ERA just deleted them.

Edit3: Since I haven't received an answer to this, it should serve as a warning to interested Mac admins.  The firewall settings work fine once they're configured but the way this is implemented, this isn't very manageable.  As it turns out, not only do the settings not respect multiple IPs/rule, but they don't respect multiple ports either.  So for a particular type of traffic, you may need to define multiple rules for the following considerations: Port, IP, protocol.  To allow filesharing traffic (for instance) outbound on managed traffic to three servers, I had to set no less than 15 rules whereas in other interfaces, I only had to define a single rule.  So now if I change the IP of any of those servers, I'm changing no less than 5 rules for traffic to that IP.  The Windows side seems a bit more manageable, but this is going to be very bad particularly in cases where I need to define rules for AD communication.  I have contacted support directly as well, and while no one is willing to explicitly say it, this feature seems like it could be better implemented.




Edited by schnibitz

This topic is now closed to further replies.