J.C.'s space
April 30
Cannot Connect to Virtual Machine -- McAfee HIPS Firewall

I was working on a Windows Server 2008 version of Hyper-V that had McAfee's HIPS firewall turned on. It had been on for several weeks without incident, when I needed to turn on and connect to a virtual machine. But whenever I tried to connect to a running VM, a very generic "Cannot connect to the Virtual Machine" error popped up, as shown below.
It took me too long to figure out that the firewall was the cause. Adding the following firewall rule solved the issue:
TCP Incoming on Port 2179 from Ports 1024-65535 from IP: Any

April 8
McAfee Host Intrusion Prevention (HIPS) Firewall doesn't allow PING, despite the default allow PING rule

After deploying McAfee's Host Intrusion Prevention product (v7.0.3) to a desktop with the firewall turned on and the default "allow Ping" rule enabled, I was unable to ping a remote system.
The system was managed by ePO, and the default rule set actually had two ping Rule Groups in place and enabled. The first, "Ping and ICMP", had several rules that caused all manner of traffic between systems to crash and caused intermittent problems on the network, so it was deleted from the Policy. This left the "Ping" rule group, which included the rules "Allow ICMP Echo Request Outgoing" and "Allow ICMP Echo Reply Incoming."
"Allow ICMP Echo Request Outgoing" allowed ICMP echo requests outgoing to any IP for the PING.EXE application.
"Allow ICMP Echo Reply Incoming" allowed ICMP echo replies incoming from any IP for the PING.EXE application.
Looks pretty straightforward for allowing the machine to ping out, but outbound pings would not work, and there was a log entry stating that the ping request had been blocked. HIPS is a complicated application, and I was afraid that some obscure application-blocking rule was restricting ping.exe. To confirm that it really was a firewall error, I turned off the firewall. Pinging worked.
After modifying the rules several times and in various ways, I finally discovered that the fix was not to limit the application to ping.exe. Removing ping.exe from both rules, but otherwise leaving them unchanged, allowed the target machine to ping outward.
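A small diagnostic, added here and not part of the original posts, that checks the two paths both posts deal with from a management workstation: an ICMP echo to a host, and a TCP connection to the Hyper-V VMConnect port 2179. The host name is a placeholder, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example, not code from the original posts. Checks the two paths the
# posts above describe: ICMP echo to a host, and TCP 2179 (Hyper-V VMConnect).
function Test-HyperVHostAccess {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 2179,       # VMConnect port from the first post
        [int]$TimeoutMs = 3000
    )

    # ICMP echo via .NET. The sending process here is powershell.exe, not
    # PING.EXE, so a HIPS rule limited to the PING.EXE application would not
    # cover this probe either way.
    $icmpOk = $false
    try {
        $pinger = New-Object System.Net.NetworkInformation.Ping
        $reply  = $pinger.Send($HostName, $TimeoutMs)
        $icmpOk = ($reply.Status -eq 'Success')
    } catch { }

    # TCP connect with a timeout. Uses TcpClient directly so it also runs on
    # older systems where Test-NetConnection is not available.
    $tcpOk  = $false
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $client.EndConnect($async)
            $tcpOk = $client.Connected
        }
    } catch { } finally { $client.Close() }

    # Read the two results together: ping fine but 2179 failing is the symptom
    # the first post fixed with a port rule; both failing points at a broader
    # block, or a host that is down, rather than a single missing rule.
    $diagnosis = if ($tcpOk) { "TCP $Port open; VMConnect path is not blocked" }
                 elseif ($icmpOk) { "Host answers ICMP but TCP $Port is blocked or closed" }
                 else { 'No ICMP and no TCP: host down or broadly filtered' }

    [pscustomobject]@{
        Host      = $HostName
        IcmpEcho  = $icmpOk
        TcpPort   = $Port
        TcpOpen   = $tcpOk
        Diagnosis = $diagnosis
    }
}

# Placeholder host name; replace with your Hyper-V host.
Test-HyperVHostAccess -HostName 'hyperv-host.example.local' | Format-List
```

Running it before and after a rule change shows which of the two paths the change affected without turning the whole firewall off.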