This issue occurs when the ENS Firewall rules policy contains one or more Adaptive rules or user-defined rules with hundreds to thousands of single IP addresses included under local network or remote network. As a result, the size of the policy increases and there’s a long delay in fully completing the policy enforcement to the ENS Firewall Business Object Hosting server.
NOTE: The same issue can occur if the ENS Firewall Options policy has hundreds of IP addresses as trusted networks or trusted executables.
Here's an example of what the ENS Firewall debug log
Firewall_Debug.log captures if there are thousands of single IP addresses included in the ENS Firewall rules policy:
2020-07-02 18:05:07.199Z|Debug |FirewallBL |mfefw | 5412| 5404|FIREWALL |FWRulePolicyContainer.cpp(928) | RulePolicyContainer::EnforcePolicy begin.
……….
2020-07-02 18:11:13.980Z|Debug |FirewallBL |mfefw | 5412| 5404|FIREWALL |FWRulePolicyContainer.cpp(935) | Rule policy enforcement completed.
…
2020-07-02 18:20:07.670Z|Debug |FirewallBL |mfefw | 5412| 6528|FIREWALL |FWRulePolicyContainer.cpp(928) | RulePolicyContainer::EnforcePolicy begin.
……….
2020-07-02 18:26:14.238Z|Debug |FirewallBL |mfefw | 5412| 6528|FIREWALL |FWRulePolicyContainer.cpp(935) | Rule policy enforcement completed.
…
2020-07-02 18:35:08.438Z|Debug |FirewallBL |mfefw | 5412| 5404|FIREWALL |FWRulePolicyContainer.cpp(928) | RulePolicyContainer::EnforcePolicy begin.
……….
2020-07-02 18:41:18.092Z|Debug |FirewallBL |mfefw | 5412| 5404|FIREWALL |FWRulePolicyContainer.cpp(935) | Rule policy enforcement completed.