Endpoint Security Firewall doesn't honor "Allow bridged traffic" when the host operating system uses a Wi-Fi network
Last Modified: 2023-01-17 09:23:48 Etc/GMT
Technical Articles ID: KB95983
Environment
Endpoint Security (ENS) Firewall 10.x
Virtual Machine (VM) environment with Wi-Fi network
Problem
ENS Firewall blocks bridged traffic on a host operating system that uses a Wi-Fi adapter if the option Allow bridged traffic is enabled.
Cause
If the Allow bridged traffic option is enabled, the following packets are allowed:
Solution
This scenario occurs only when the host system uses a Wi-Fi network. This behavior is expected. The Allow bridged traffic option allows packets whose source MAC address is a VM MAC address.
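The decision the Solution describes, modelled as an added Python example (this is illustration code, not Trellix's ENS Firewall implementation). It assumes, beyond what the article states, that the option matches the frame's source MAC against a list of hypervisor OUIs, that a Wi-Fi bridge substitutes the host adapter's MAC for the guest MAC before the frame reaches the host firewall driver, and that unmatched traffic is denied by default; the OUI list, MAC and IP values, and the `Rule`/`Frame` types are constructed for the example. It also shows why Workaround 2 works when the rule matches on the guest's IP address rather than its MAC.

```python
import ipaddress
from dataclasses import dataclass

# Constructed list of well-known hypervisor OUIs (first three octets). The
# product's real matching list is not published in the article (assumption).
VM_OUIS = {"00:50:56", "00:0c:29", "00:15:5d", "08:00:27"}


def normalize_mac(mac: str) -> str:
    """Lower-case, colon-separated form so OUI comparison is reliable."""
    return mac.lower().replace("-", ":")


def is_vm_mac(mac: str) -> bool:
    """True when the MAC's OUI belongs to a known hypervisor vendor."""
    return normalize_mac(mac)[:8] in VM_OUIS


@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    src_net: str   # CIDR the rule matches on (IP-based, not MAC-based)
    action: str    # "allow" or "block"


def bridge_to_host(frame: Frame, host_mac: str, host_on_wifi: bool) -> Frame:
    """Return the frame as the host's firewall driver would see it.

    Assumption (not stated in the article): on a Wi-Fi uplink the bridge
    rewrites the guest's source MAC to the host adapter's MAC, so the VM MAC
    is no longer visible; on a wired uplink the guest MAC is preserved."""
    if host_on_wifi:
        return Frame(src_mac=host_mac, src_ip=frame.src_ip, dst_port=frame.dst_port)
    return frame


def evaluate(frame: Frame, rules: list[Rule], allow_bridged: bool) -> tuple[str, str]:
    """Apply the 'Allow bridged traffic' exception first, then ordered rules,
    then a default deny (assumed). Returns (decision, reason)."""
    if allow_bridged and is_vm_mac(frame.src_mac):
        return "allow", "bridged-traffic exception (VM MAC)"
    src = ipaddress.ip_address(frame.src_ip)
    for rule in rules:
        if src in ipaddress.ip_network(rule.src_net):
            return rule.action, f"rule {rule.name}"
    return "block", "default deny"


def scenario(host_on_wifi: bool, rules: list[Rule]) -> tuple[str, str]:
    """One guest frame, bridged over the chosen uplink, evaluated with the
    option enabled. Guest MAC/IP and host MAC are constructed values."""
    guest = Frame(src_mac="00:15:5d:ab:cd:01", src_ip="192.168.56.10", dst_port=443)
    seen = bridge_to_host(guest, host_mac="a4:5e:60:11:22:33", host_on_wifi=host_on_wifi)
    return evaluate(seen, rules, allow_bridged=True)


if __name__ == "__main__":
    workaround2 = [Rule("guest-vms", "192.168.56.0/24", "allow")]
    print("wired, no rules   :", scenario(False, []))          # allowed by the exception
    print("wi-fi, no rules   :", scenario(True, []))           # VM MAC gone, default deny
    print("wi-fi, workaround2:", scenario(True, workaround2))  # allowed by the IP rule
```

The third scenario is the point of Workaround 2: a rule keyed on the guest subnet still matches after the bridge has replaced the MAC, whereas the bridged-traffic exception cannot.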
Workaround 1
Use a wired network on the system.
Workaround 2
Create ENS Firewall rules that allow Guest VM network traffic on the system that uses a Wi-Fi network.
Related Information
For Hyper-V environments, network traffic may not be logged by the ENS Firewall product, depending on how the VM Guest network adapter configuration is set. If a VM Guest network is set to EXTERNAL NETWORK, the network traffic flows through a separate Hyper-V network stack that can't be seen by the ENS Firewall drivers on the VM Host. This prevents the VM Host (that's running ENS Firewall) from seeing any network traffic from the VM Guest, since the VM Guest network traffic no longer flows through the VM Guest's own Windows Network TCP stack. In this scenario, the VM Guest network traffic isn't logged to the ENS Firewall log files residing on the VM Host system and the ENS Firewall "Allow bridged traffic" feature isn't applicable.