ESS Firewall Breaks Sage Timberline/Pervasive

Discussion in 'ESET Smart Security' started by dwmtractor, Dec 9, 2009.

Thread Status:
Not open for further replies.
  1. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    Just a quick warning to anyone out there that may come across the same issue I just encountered. There is something about the ESS Personal Firewall that does not play nicely with the Pervasive database (v.8.x) that is the backend to Sage Timberline, which is an accounting software in the construction industry.

    At seemingly random intervals, while people are using Timberline, they get kicked out of various modules with one (or more) of the following errors showing up in the Pervasive logs:
    • I/O Error. Pervasive status code 3006. The MicroKernel router detected an invalid session.
    • I/O Error. Pervasive status code 3110. The network layer is not connected
    • I/O Error. Pervasive status code 3111. Failure during send to the target server.
    • I/O Error. Pervasive status code 3112. Failure during receive from the target server.
    • I/O Error. Pervasive status code 3116. Please refer to the Pervasive documentation for more information on this status code


    At first I thought it was due to the Intrusion Protection system, since my logs were filling up with ARP Cache Poisoning warnings with the "attacker" being my Pervasive and file server. I turned off the entire personal firewall option via policy from the ERA, which completely stopped these errors. After about 18 error-free hours, I implemented a suggestion from ESET support, to disable ICMP and ARP in the Intrusion Protection module of the personal firewall. I implemented this fix and re-started personal firewall by policy, and within five minutes, four separate users got kicked out of the system with error codes as above, though no events were logged in ERA.

    Obviously, I've re-disabled Personal Firewall for all Timberline and Pervasive users.

    This will be an ongoing support issue, I'm sure; just wanted to throw this out there for anyone else who may be experiencing similar grief.

    I asked support whether there was an option to whitelist a complete LAN subnet, or individual IP addresses, so that they would be excluded from firewall and intrusion protection checks. I have been told that as of now, there is not. Obviously, this is a necessary future enhancement for corporate customers.
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    I am unfamiliar with Sage Timberline, but am wondering if you have tried enabling the "Maintain inactive TCP connections" option in the Allowed Services section? If so, what difference, if any, did that make?

    Regards,

    Aryeh Goretsky
     
  3. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    I did not, but I seriously doubt that setting would make a difference since it was very active connections--sending and receiving fairly large quantities of data--that got booted off.

    Unfortunately, since this is our mission-critical accounting software, I really don't have the liberty to experiment with a multitude of settings. I'm going to wait for IP- or subnet-based whitelisting before I try again, to preserve my own hide! :D
     
Thread Status:
Not open for further replies.