Hi @brentil Please see the KB below.
KB94226 - Unable to edit a policy that contains a Subnet value using CIDR notation
Hello @ktankink ,
Have you guys got an estimate on when this issue is likely to be fixed?
I'd rather not implement workarounds or reconfigure firewall rules if a fix is to be expected soon.
Hi @ezim I can't share an exact date, but this is tentatively scheduled for a late April fix. I would recommend implementing the workaround though as it's just a single file replacement and it doesn't require anything special beyond that. Simply reloading the ePO Policy Catalog page for ENS Firewall will implement workaround the issue with the new ip.js file from the KB (e.g., no need to restart ePO services, etc.)
Or avoid using any Subnet CIDR values in your firewall rules for now. Alternatively, you can also use Subnet Range values instead and they would still be the same subnet entries as defined with CIDR notation values.
Thank you for your reply.
Am I correct in thinking then, that the issue only occurs if you try to update a firewall policy or "Firewall Catalog - Network" entry after the extension has been updated to 10.6.1.1489 (Feb 21 update) and the ip.js file has not been replaced?
The KB94226 mentions to export the FW policies and after replacing the ip.js file importing them again.
Is this only necessary if you've already got "broken" policies?
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: