Unable to edit a policy that contains a Subnet value using CIDR notation
Last Modified: 2022-03-02 20:18:45 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Unable to edit a policy that contains a Subnet value using CIDR notation
Technical Articles ID:
KB94226
Last Modified: 2022-03-02 20:18:45 Etc/GMT Environment
Endpoint Security (ENS) Firewall 10.7.0 February 2021 Update extension 10.7.0.843 ENS Firewall 10.6.1 February 2021 Update extension 10.6.1.1489 Summary
Recent updates to this article
To receive email notification when this article is updated, click Subscribe on the right side of the page. You must be logged on to subscribe.
Problem
The ENS Firewall Extension on the ePolicy Orchestrator (ePO) server has been updated to the February 2021 version. The firewall policies might become invalidated after you add or modify Local Network or Remote network entries using Subnet values (for example, IP addresses with CIDR notation entries like /24). After the changes are saved, the following error occurs after you try to open the policy again: The ePO server 2021-02-25 15:06:36,204 DEBUG [http-nio-8443-exec-19] servlet.ControllerServlet - Executing action: EditFireCoreFWRules.do 2021-02-25 15:06:36,206 ERROR [http-nio-8443-exec-19] servlet.ControllerServlet - Exception thrown by ActionBean: com.mcafee.endp.fw.catalog.model.AddressFormatException: Invalid network specification: 0000:0000:0000:0000:0000:ffff:0a14:1e28//96 at com.mcafee.endp.fw.catalog.model.IpAddress.normalizeIpAddress(IpAddress.java:597) at com.mcafee.endp.fw.catalog.model.IpAddress.setAddressString(IpAddress.java:128) at com.mcafee.endp.fw.catalog.model.IpAddress.<init>(IpAddress.java:64) at com.mcafee.endp.fw.catalog.support.FirewallPolicyDao.parseNetwork(FirewallPolicyDao.java:709) at com.mcafee.endp.fw.catalog.support.FirewallPolicyDao.parseAggregates(FirewallPolicyDao.java:651) at com.mcafee.endp.fw.catalog.support.FirewallPolicyDao.parseFromPolicy(FirewallPolicyDao.java:165) at com.mcafee.endp.fw.policies.fw.firecorerules.FirecoreRuleActions.prepareForEdit(FirecoreRuleActions.java:145) at com.mcafee.endp.fw.policies.ReentrantPolicyAction.editPolicy(ReentrantPolicyAction.java:68) at sun.reflect.GeneratedMethodAccessor3292.invoke(Unknown Source) Also, in the above error message, IPv4 addresses are stored in IPv6 format. For example, 0a = 10 14 = 20 1e = 30 28 = 40 System Change
This issue occurs after you upgrade to either of the following ENS Firewall extensions:
Solution
This issue is resolved in ENS 10.6.1 April 2021 Update and ENS 10.7.0 April 2021 Update. Firewall policies that are already affected by this issue aren't automatically fixed after upgrading the ENS Firewall extension. Technical Support must manually fix the affected Firewall policies. To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products. Workaround 1
Workaround for on-premises ePO server customers NOTES:
Workaround 2
Workaround for MVISION ePO server customers:
AttachmentAffected ProductsLanguages:This article is available in the following languages: |
|