ichkriegediekriese 2 Posted September 19, 2016 Posted September 19, 2016 Hi! I am having difficulties of how firewall rules hierarchy is working through a number of policies: When I set FW rules for port exceptions in policy "A" at base level ("All" group) and then later apply policy "B" at sub-group or client level with FW rules what happens to the rules applied earlier? - I assume they just great "overwritten/erased" by policy "B" because I don't see the previous rules in the config menu even if it is the same FW profile - right? If this is the case, how can I "add" another rule to client without loosing previously applied rules? Do I really have to re-enter all rules again (this would be a PITA work) !? - I was expecting that all manually entered rules are saved in the DB and could be re-used in other policies. Can someone please enlighten me, the help doesn't cover this scenario :-)
Administrators Solution Marcos 5,450 Posted September 19, 2016 Administrators Solution Posted September 19, 2016 Firewall rules are handled as one setting, ie. the policy which is applied / forced will be used; rules are not merged from various policies. You can create a policy B which will be a copy of policy A and make the necessary changes in the firewall rules. Merging rules will be implemented in future versions of ERA.
bbahes 29 Posted September 19, 2016 Posted September 19, 2016 Firewall rules are handled as one setting, ie. the policy which is applied / forced will be used; rules are not merged from various policies. You can create a policy B which will be a copy of policy A and make the necessary changes in the firewall rules. Merging rules will be implemented in future versions of ERA. Future version as 6.x or 7 ?
ESET Staff MichalJ 434 Posted September 19, 2016 ESET Staff Posted September 19, 2016 This will be solved in Endpoint 6.5, currently scheduled for December 2016 / January 2017 (together with the ERA 6.5).
ichkriegediekriese 2 Posted September 20, 2016 Author Posted September 20, 2016 Firewall rules are handled as one setting, ie. the policy which is applied / forced will be used; rules are not merged from various policies. You can create a policy B which will be a copy of policy A and make the necessary changes in the firewall rules. Merging rules will be implemented in future versions of ERA. Hi, thx for the clarification - I think this is a clarification missing in the manual. To keep track of all the rules I applied all of them to the base policy bound to IP addresses, so every client only gets the rules it needs and I can't overwrite something by accident - fine with me in my smaller setup. I think it would be sufficient to store all custom rules in the DB and make them available for programming in other polices instead of merging, as merging seems to be more complicated - just my 2c
Recommended Posts