ESET firewall v8 to V9 migration

[Patch 16]

I recently upgraded several computers from ESET Smart Security v8 to v9. I use the firewall in interactive mode and have developed a reasonable number of specific rules so rather than a clean install and manual recreation of all the rules, I installed the newer version over the older, thus achieving migration of my v8 setting to v9 (as otherwise v8 configuration files are not compatible with v9). The procedure went well mostly. The problems I had were:

 

1) Firewall rules which use manually created zones in v8 are not functional or editable in v9. They are displayed in

ESET SS v9 -> Setup -> Network protection -> Personal firewall -> Configure -> Rules edit

Rule information appears correct except the zone label is not displayed.

But if one of these rules is selected on this screen and the "Edit" button clicked, a blank pop up windows frame is displayed.

The rule also does not function despite being displayed.

I believe this is a program bug in the v8 to v9 settings migration code.

 

2) ESET Smart Security v9 enables adding new rules manually but does not have an add similar rule or duplicate rule which v8 supported (a useful feature in my opinion).

 

3) ESET Smart Security v9 explicitly shows firewall rule evaluation order, a feature I like. It enables promoting or demoting a rule by one place or to the end of table. Multiple rules can be selected but not moved as a group, which would be a useful enhancement.

 

4) Column widths can be changed and need to be to see the typical rule name and Application path, but aren't saved. Another potential useful enhancement.

 

5) I would also like to group rules together which apply to the same application. I'm not sure the best way to achieve this, perhaps add a button or pop up menu to "Group Application's rules". They can manually be grouped at the moment but program support would be a nice enhancement.

Edited January 1, 2016 by Patch

[Patch 16]

After further testing, it seams zones with IP addresses outside of the local network maybe the problem. ESET created local zones appear to function as expected. I didn't have any user created local zones so I haven't tested that functionality.

 

The ESET setting migration code also converts IP ranges to subnets eg 192.168.1.12-192.168.1.30 is converted to 192.168.1.12/18 (or something similar, I forget the exact notation). Unfortunately the converted notation results in a non functional rule. Fortunately they can be edited back to the original notation which does work as expected.