ezim
Level 9
Message 1 of 10

You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

We are experiencing the issue described in KB90725 when trying to update Trellix Endpoint Security Firewall policies.
The issue occurs when trying to add or change "Network" entries from the "Firewall Catalog".


The Trellix ePolicy Orchestrator Audit entry shows:
"The user security token does not match. The requested URL is /ENDP_FW_META/ENDP_FW_META/showRuleEditor.do and request "referer" field is https://OurServerName:8443/ENDP_FW_META/loadCatalog.do."

We do not have a "maxPostSize" set in the server.xml file.

Has anyone come across this and found a solution?

9 Replies
cdinet
Employee
Message 2 of 10

Re: You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

Please open a ticket with McAfee for this, I see another similar case in development, so this might need to go to dev.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

Hi,

We have the same issue with our ePO 5.10 and update. Please confirm if anyone has any solution for this.

cdinet
Employee
Message 4 of 10

Re: You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

Add the maxPostSize value and set it to 4194304, which is 4MB. By default the value is not set, which means ePO uses the default of 2MB.
You will need to add it in both the 8443 and 8444 connector sections.


Re: You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

Thanks a lot, it is resolved after updating this.

cdinet
Employee
Message 6 of 10

Re: You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

Thanks, please mark as solution what fixed your issue.


bkdonigan
Level 7
Message 7 of 10

Re: You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

Just ran into this issue yesterday. So what exactly am I adding and to where? I saw the connector lines but I'm not exactly sure what to write and between each line.

cdinet
Employee
Message 8 of 10

Re: You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

KB90725 gives an example

  1. Example of the section in the server.xml file that causes the problem:
<Connector SSLEnabled="true" URIEncoding="UTF-8" maxPostSize="3096"
            acceptCount="100" 
            id="orion.server.https"
            keystoreFile="keystore/server.keystore"
            keystorePass="n2CNe4768s" maxConnections="500"
            maxHttpHeaderSize="8192" maxKeepAliveRequests="500"
            maxThreads="250" minSpareThreads="25"
            noCompressionUserAgents="gozilla, traviata" port="8443"
            processorCache="500"
            protocol="org.apache.coyote.http11.Http11NioProtocol"
            scheme="https" secure="true" server="Undefined"
            sessionCacheSize="400"
            sslEnabledProtocols="TLSv1.1, TLSv1.2" sslProtocol="TLS"
            truststoreFile="keystore/certAuthCa.truststore"
 
Here is an example from mine, where that parameter doesn't exist:
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100"
            ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
            clientAuth="want"
            compressableMimeType="text/html,text/xml,text/css,text/javascript,text/json,application/x-javascript,application/javascript,application/json"
            compression="on" compressionMinSize="2048"
            disableUploadTimeout="true" enableLookups="false"
            id="orion.server.https"
            keystoreFile="keystore/server.keystore"
            keystorePass="x52Dd7vdaR" maxConnections="500"
            maxHttpHeaderSize="8192" maxKeepAliveRequests="500"
            maxSwallowSize="1073741824"
            maxThreads="250" minSpareThreads="25"
            noCompressionUserAgents="gozilla, traviata" port="8443"
            processorCache="500"
            protocol="org.apache.coyote.http11.Http11NioProtocol"
            scheme="https" secure="true" server="Undefined"
            sessionCacheSize="400"
            sslEnabledProtocols="TLSv1.2" sslProtocol="TLS"
            truststoreFile="keystore/certAuthCa.truststore"
            truststorePass="x52Dd7vdaR" truststoreType="jks"/>
 
You can insert that parameter in each of the connectors if it doesn't exist - for example:
maxConnections="500" maxHttpHeaderSize="8192" maxKeepAliveRequests="500" maxSwallowSize="1073741824" maxThreads="250" minSpareThreads="25" maxPostSize="4096"


kosmerm
Level 7
Message 9 of 10

Re: You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

I have another similar issue. I have logged in with the account that created this rule set. In Data Loss Prevention 11.6 --> DLP Policy --> MyPolicy, I press Edit, and when I find my rule in active rule sets and click it, it gives me the error "You are not authorized for this operation". I added the maxPostSize="4096" but it didn't work. Can you propose a different solution? Or am I doing something wrong?

cdinet
Employee
Message 10 of 10

Re: You are not authorized for this operation in ePO 5.10 Update 10 (ENS Firewall policy edit)

Yes, add a max post size value large enough to cover the firewall size. You can export the policy to see how large it is.


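Added example, not part of the thread or of KB90725: a read-only check of the maxPostSize setting on the 8443 and 8444 connectors against the size of an exported policy, as the replies above suggest. The sample server.xml is constructed and trimmed, the function name is hypothetical, and the exported policy size is assumed to approximate the POST body size; the value is in bytes.

```python
import xml.etree.ElementTree as ET

TOMCAT_DEFAULT = 2 * 1024 * 1024  # bytes applied when maxPostSize is absent (2MB, per the thread)

# Constructed, trimmed server.xml: real files carry many more attributes.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true" maxPostSize="4096"/>
  <Connector port="8444" scheme="https" secure="true"/>
</Service></Server>"""


def audit_max_post_size(xml_text, required_bytes, ports=("8443", "8444")):
    """Return one finding per expected port: effective limit and whether it fits."""
    connectors = {c.get("port"): c for c in ET.fromstring(xml_text).iter("Connector")}
    findings = []
    for port in ports:
        conn = connectors.get(port)
        if conn is None:
            findings.append({"port": port, "limit": None, "ok": False,
                             "note": "connector not found"})
            continue
        raw = conn.get("maxPostSize")
        try:
            limit = TOMCAT_DEFAULT if raw is None else int(raw)
        except ValueError:
            findings.append({"port": port, "limit": None, "ok": False,
                             "note": f"maxPostSize={raw!r} is not an integer"})
            continue
        if limit < 0:
            # Assumption: Tomcat 8+ semantics, where a negative value disables the limit.
            ok, note = True, "limit disabled; request size is unbounded"
        elif limit >= required_bytes:
            ok, note = True, "explicit" if raw is not None else "default"
        else:
            ok = False
            note = f"{limit} bytes < required {required_bytes} bytes"
            if raw is None:
                note += " (attribute unset, default applies)"
        findings.append({"port": port, "limit": limit, "ok": ok, "note": note})
    return findings


if __name__ == "__main__":
    policy_export_bytes = 3 * 1024 * 1024  # constructed: size of an exported policy file
    for f in audit_max_post_size(SAMPLE_SERVER_XML, policy_export_bytes):
        print(f"port {f['port']}: {'OK' if f['ok'] else 'TOO SMALL'} - {f['note']}")
```

Run against the sample, both connectors are reported as too small for a 3MB export: 8443 because 4096 is read as 4096 bytes, 8444 because the unset attribute falls back to the 2MB default.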