ENS firewall rules to be imported into ePO policy

Hello, I feel this should be a very simple issue, but it has beaten me so far. On one of my agents, I have used Adaptive mode with ENS firewall and generated rules that allow the installed software to function. I want to apply the same rules to other agents, running the same software. What tool do I use to import the rules into an ePO policy? Thanks for the help.
1 Solution

Accepted Solutions
rfranci
Employee
Re: ENS firewall rules to be imported into ePO policy

Hi @User81021084,

If I understand this correctly, I believe you had a machine with ENS FW installed with adaptive mode enabled. This has created rules on the client that you want to be applied on other machines from ePO.

If this is the case, then you don't have to think of exporting the rules and importing them to ePO, because the rules are already sent to ePO (in a non-readable format, though). You will have to use a server task to translate them into rules and add them directly to a global FW rules policy.

Below are the steps, for example:

  1. Enable firewall adaptive mode on 1 machine that has the issue.
  2. Enforce the policy to the client machine.
  3. Reproduce the issue or leave for a day to capture all rules that it needs to allow the machine to function properly.
  4. Perform a wake-up agent call.
  5. Go to ePO -> Server Tasks -> run the task named 'firewall property translator'. (If you are using MVISION ePO, you won't find this task, as it is automated to translate all FW rules every 15 minutes.)
  6. This will add all the policy generated from adaptive mode on the client to ePO - Firewall Client Rules.
  7. Go to Firewall Client Rules.
  8. Search for the machine and the rules it created.
  9. Add the rules that it created to the firewall rules policy that is applied to the machines on which you want to test/allow the traffic. (You will have to modify the generated rules in some cases where you need the policy to be applied to a wider set of machines.)

Points to note:
The adaptive rules that are generated will have very generic data; you will have to edit the generated rules to avoid opening connections to a wider network than is really necessary. In some cases you might want to edit a rule to fit a wider network.

Also, you will have to be cautious and make sure that you don't allow all processes that were captured by adaptive mode, as it will have very generic processes like explorer, PowerShell, svchost.exe, etc.

I hope you find this helpful.

-Rohit Francis 
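
One way to triage adaptive-mode rules against the two cautions in the reply above before adding them to a shared policy. This is an added example, not part of the original replies and not vendor tooling; it assumes the client rules have been transcribed into a CSV, and the column names, the `AcmeApp` paths and the /24 threshold are all assumptions.

```python
import csv
import io
import ipaddress
from pathlib import PureWindowsPath

# Generic host processes named in the reply above; extend for your estate.
GENERIC_PROCESSES = {"explorer.exe", "powershell.exe", "svchost.exe"}
# Assumption: any IPv4 scope broader than a /24 deserves a manual look.
MIN_PREFIX = 24

# Constructed sample with hypothetical column names (not an ePO export schema).
SAMPLE_RULES = """name,executable,direction,remote_network,remote_port
Adaptive 1,C:\\Program Files\\AcmeApp\\acme.exe,out,10.20.30.15/32,8443
Adaptive 2,C:\\Windows\\System32\\svchost.exe,out,any,443
Adaptive 3,C:\\Program Files\\AcmeApp\\acme.exe,in,10.20.0.0/16,9000
Adaptive 4,C:\\Windows\\explorer.exe,out,10.20.30.40/32,445
"""

def review_rule(rule):
    """Return the reasons a rule needs editing before it is promoted."""
    reasons = []
    exe = PureWindowsPath(rule["executable"]).name.lower()
    if exe in GENERIC_PROCESSES:
        reasons.append(f"generic process {exe}")
    net = rule["remote_network"].strip().lower()
    if net in ("", "any", "*"):
        reasons.append("remote network is unrestricted")
    else:
        prefix = ipaddress.ip_network(net, strict=False).prefixlen
        if prefix < MIN_PREFIX:
            reasons.append(f"remote network /{prefix} is wider than /{MIN_PREFIX}")
    return reasons

def triage(csv_text):
    """Split rules into those to copy as-is and those needing manual review."""
    keep, review = [], {}
    for rule in csv.DictReader(io.StringIO(csv_text)):
        reasons = review_rule(rule)
        if reasons:
            review[rule["name"]] = reasons
        else:
            keep.append(rule["name"])
    return keep, review

if __name__ == "__main__":
    keep, review = triage(SAMPLE_RULES)
    print("copy as-is:", keep)
    for name, reasons in review.items():
        print(f"review {name}: {'; '.join(reasons)}")
```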

Re: ENS firewall rules to be imported into ePO policy

Thank you Rohit,

The server task is the kind of thing I was looking for. I have not come across that step in the past. 

I will give this a try.

Thanks again.

 

Roy D.

ktankink
Employee

Re: ENS firewall rules to be imported into ePO policy

To clarify, the ENS Firewall Property Translator task should not be in an ENABLED state and should only be run manually if you don't want to wait until the next automated 15-minute run interval (as Rohit mentioned, the task already runs in the background within the ePO Server Tomcat service every 15 minutes). The task you see in the ePO Server Tasks menu is an ON-DEMAND task only, and there shouldn't be a need to run it very often (if at all).

Having the "manual" task running (e.g. if it's enabled and scheduled to run on a recurring basis) along with the "automated" background task can cause performance issues on the ePO server. The automated task also does not log to the ePO Server Task Log.

Re: ENS firewall rules to be imported into ePO policy

Thanks for the help, you got me going in the right direction. 

I found the adaptive generated rules at the root of the 'Firewall client rules' tree. This happened after I forced the 'ENS Firewall Property Translator'. I am not certain they were not already there.

Be that as it may, I have added the necessary rules to the appropriate Firewall policy and all the servers are now operating as desired.

ktankink: Thanks for the clarification on the Translator service.
