
Manually Firewall Rule Not Working


Solved by itman

Looking for an explanation of why I needed to run ESSP in interactive mode to enable access to a TCP port that already had a manually entered firewall rule, I decided to try another one just for testing, and got the same result.

The test rule for the server is shown in the below photos (port 4321), along with a Wireshark capture showing the failed connection attempt from the client. I don't see why this rule isn't working. If anyone can shed light on it, it would be much appreciated.

 

fw-general.png

fw-local.png

fw-rules.png

fw-wireshark.png


  • Administrators

When the inbound communication is blocked, carry on as follows:

  1. Enable advanced logging under Help and support -> Technical support
  2. Reproduce the issue
  3. Stop logging
  4. Collect logs with ESET Log Collector and upload the generated archive here. Add information about the IP address of the machine that attempted to connect to the server, just in case.

I ran the Log Collector using the recommended settings for technical support (see photo below). One of the 2 warnings in the Log Collector log was that 'C:\ProgramData\ESET\ESET Security\EpfwUser.dat' was not found (I noticed that there was no attempt to pack it either, and in fact the file does not exist - see photos below). The archived log is attached to this message.

Interesting that the missing file is 'EpfwUser.dat', considering that the user-created rules don't work.

 

Log-Collector.png

User-FW-Rules-Not-Packed.png

WARNING-File-Not-Found.png

essp_logs.zip


  • Solution

It appears you created two firewall rules and specified that inbound/outbound network traffic from/to trusted local subnet IP addresses be allowed. I really don't know what the effect of specifying the trusted zone for the local connection would be since, by default, only inbound traffic is going to be allowed to your specific device. Trusted zone should only be specified for the remote connection field.

Additionally, refer to the below screen shot. By default when Eset network processing sets up a network connection, it defers to the Windows firewall profile which in Win 10/11 is Public; i.e. Untrusted, by default. If you are going to condition Eset firewall rules by the use of trusted zone parameter, the Eset network connection must be set to Trusted network. Otherwise, all network traffic will be blocked for any firewall rule when trusted zone parameter is used. You might want to set Eset firewall to display its default firewall rules. This will give you a reference on how Eset uses the trusted zone parameter.

Eset_Trusted.thumb.png.ca68de33e2ff364db935647a5e5ac516.png
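
A way to check the two preconditions discussed in the reply above from the Windows side, as an added example that is not part of the original thread: it confirms that something is actually listening on the test port (4321, taken from the first post) and reports the Windows network category of each connected network. It uses only built-in Windows cmdlets; that ESET takes its trust setting from this Windows profile is the reply's statement, assumed here.

```powershell
# Added diagnostic example (not from the thread). Run on the server in PowerShell.
$Port = 4321   # test port used in the first post

# 1. Is anything listening on the port? No firewall rule helps without a listener.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        '{0}:{1} is listening (PID {2}, {3})' -f `
            $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $proc.ProcessName
    }
} else {
    "Nothing is listening on TCP port $Port"
}

# 2. Which Windows profile (Public / Private / DomainAuthenticated) does each
#    connected network use, and which local IPv4 addresses belong to it?
foreach ($p in Get-NetConnectionProfile) {
    $ips = (Get-NetIPAddress -InterfaceIndex $p.InterfaceIndex -AddressFamily IPv4 `
                -ErrorAction SilentlyContinue).IPAddress -join ', '
    '{0} ({1}) [{2}]: {3}' -f $p.Name, $p.InterfaceAlias, $ips, $p.NetworkCategory
    if ($p.NetworkCategory -eq 'Public') {
        # Interpretation follows the reply above (assumption, not verified here).
        '  -> Public profile: rules conditioned on the trusted zone are not expected to match'
    }
}
```

A listener bound only to 127.0.0.1 in step 1 also explains a failed remote connection, independently of any firewall rule.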


This topic is now closed to further replies.