ESSBE network trouble....

Discussion in 'ESET Smart Security' started by Computec, Nov 5, 2010.

Thread Status:
Not open for further replies.
  1. Computec

    Computec Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    7
    Hi.
    I have a question about ESSBE.
    Recently i have instaled ESSBE into two servers W2003R2.
    Those server run under xenserver virtualization plataform.
    I can run ESSBE vith xenserver 5.5, but after upgrade do 5.6, all network conections simply not comunicate.
    Reinstalling virtual guest on a new xenserver 5.6 and before instaling ESSBE, all works without trouble. Install ESSBE, network lost... Remove ESSBE, works...

    Any ideas about this issue ?:doubt:

    Att.
    Daniel - Computec
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Does switching firewall integration to "Only scan application protocols" and restarting the computer make a difference? What mode did you have the firewall running in? (automatic, interactive, policy-based or learning mode)
     
  3. Computec

    Computec Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    7
    Hi, sorry for the delay on answer...
    Yes, switch to this option enables network comunication....
    Whit this option i lost funcionality ?

    Daniel
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yes, doing so disables the firewall. Re-enable integration, restart the computer, enable logging of blocked connections in the IDS setup, reproduce the problem and eventually post here the recent relevant records from the firewall log.
     
  5. Computec

    Computec Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    7
    Same issue, no network communication.

    Only entry in log is:
    8/11/2010 18:27:51 Comunica??o negada por regra 10.40.3.20:138 10.40.3.255:138 UDP Bloquear solicita??es NETBIOS de sa?da System AUTORIDADE NT\SYSTEM

    this entry occurs repeated....

    Any ideas?

    This occur with the new PV Network drivers on Xenserver 5.6, can easily reproduced....

    Att.
    Daniel
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What subnet do you have in the trusted zone?
     
  7. Computec

    Computec Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    7
    Hi.
    10.40.3.0/255.255.255.0
     
  8. Computec

    Computec Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    7
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Make sure that you have the "Allow incoming/outgoing NETBIOS request in the trusted zone" rules enabled (they are by default). In such case, providing that you actually have the subnet 10.40.3.0/255.255.255.0 in the TZ, the above mentioned rules should take precedence over the "Block incoming/outgoing NETBIOS requests" rules.
     
  10. Computec

    Computec Registered Member

    Joined:
    Nov 5, 2010
    Posts:
    7
    Hi Marcos.
    Rules are default.
    Netbios broadcast bloqued request are the only that appear on log.
    I guess when a ping request to or from the server should apear on logs, but anything else show on logs, nor pass or bloqued.
    Packet Activity on network adapter dont increment anything, sounds like a deactivated network interface.
    I have 3 servers into this state, and need to upgrade a few more servers.
    Disabling firewall solves, but those networks cannot work safe without firewalling.
    I have indicated several clients to use ESSBE, and need some support from Esset. I have no response directly from resealer in Brazil.

    Thanks in advance, Daniel - Computec
     
Thread Status:
Not open for further replies.