Jump to content

Zone and rule deployment through a centralised policy.


philmatthews
 Share

Recommended Posts

I am having some problems with deploying zones and rules within Eset using Administrator and Console versions 5.2.2

 

I am experiencing the same issue which is described here - https://forum.eset.com/topic/251-problem-with-my-own-zones-in-rules-editor/?hl=zone which doesn't seem to have been fixed yet, but I can work around that. The biggest problem seems to be that when you import zones and associated firewall rules through either manually importing an XML configuration file, or through centralised deployment, Eset alters the zone IDs, which breaks the firewall rule.

 

As an example, I have installed Endpoint Security and created two new custom zones. I've then created a firewall rule which refers to these two zones. When I export the configuration and look at the XML, these two new zones have the IDs 2 and 4 and are referred to in the firewall rule by those IDs.

 

If I then subsequently import that configuration into another Endpoint Security installation which already had several custom zones created, it imports my two custom zones, but gives them completely new IDs (in this case 8 and 9). The firewall rule is imported too, but still refers to zones 2 and 4, thus requiring me to manually intervene to re-point it to the zones. The same thing happens if I deploy the policy from the console. I have even tried altering the XML file to give the zones IDs which are not in use, but importing the zones always changes the IDs to the next sequentially available numbers.

 

So my question is how can I centrally deploy these custom zones and the firewall rule without having to manually intervene, and without having to delete any pre-existing zones from the client? Hopefully I'm missing something really obvious.

 

Thanks in advance for any help.

 

Link to comment
Share on other sites

Hello philmatthews,
 
So the easiest way to do this is to make sure all zones are set in the Policy Manager in ERA. Once ths is done check the box that says "Discard all previous settings on the target computer" in the lower right corner of the same window. When you set up al zone make sure they are in the order you want them in.

Link to comment
Share on other sites

Thanks William, but as stated, I need to do this without deleting existing zones. It would be ideal if we could do our zone management centrally, but in practise, it just won't work for us.

 

Surely this is a bug? It's understandable that Endpoint renumbers the Zones when you import them, but it seems like an oversight that when doing so, it doesn't also adjust any references in firewall rules which mention those zones.

Edited by philmatthews
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...