'no usable rule found' is killing ERA service

Discussion in 'Other ESET Home Products' started by Adramalech, Mar 13, 2009.

Thread Status:
Not open for further replies.
  1. Adramalech (Registered Member; joined Apr 17, 2005; 79 posts)

    Hi,


    Is there a way to permanently block 'no usable rule found', well, at least for IPv6 DHCP multicasts (Target ff02::1:2, port 547)?
    Apparently, the firewall does not handle those rules unless an IPv6 stack is installed, because a corresponding rule (add IPv6 Address) was only creatable on a computer with IPv6 enabled.

    A rule for dropping those requests without a log has been created, and it shows no effect.
    Seriously, this needs to be implemented if it isn't already, since it generates several thousand(!) logs a day and it's killing the ERA Server service (the service needs to be restarted to serve the remote Console; after a few minutes it's the same again because clients are storming ERA).


    Cheers
    Adra



    P.S.: Unfortunately, there's no way at present to locate the machines causing those multicasts and disable their IPv6 stack.
     
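The thread's practical problem is separating the IPv6 DHCP multicast noise (UDP to ff02::1:2 port 547) from the blocked connections that are actually worth looking at, and finding which machines on the link are sending the multicasts. The script below is an added example, not code from the thread or from ESET: it parses blocked-connection log records, counts the DHCPv6 solicit noise per reporting client and per source link-local address, and keeps everything else grouped by destination. The log line format and the sample records are constructed for this example; the real ESS/ERA export format is not shown in the thread, so parse_line() would need to be adapted to it.

```python
"""Triage a 'no usable rule found' log storm by destination.

Added example (not from the ESET thread). Separates IPv6 DHCP solicit
noise (UDP -> ff02::1:2 port 547) from other blocked connections and
reports which source addresses are generating it. The log line format
below is constructed for this example; adapt parse_line() to the real
export format.
"""
from collections import Counter
import ipaddress
import re

# All_DHCP_Relay_Agents_and_Servers multicast group and DHCPv6 server port.
DHCPV6_SERVERS = ipaddress.IPv6Address("ff02::1:2")
DHCPV6_PORT = 547

# Constructed sample records: <timestamp> <reporting client> no usable rule
# found src=<addr:port> dst=<addr:port> proto=<proto>. IPv6 addresses are
# written in [addr]:port form. Not real ESS/ERA output.
SAMPLE_LOG = """\
2009-03-13 08:00:01 WS-001 no usable rule found src=[fe80::1a2b:3c4d:5e6f:1]:546 dst=[ff02::1:2]:547 proto=UDP
2009-03-13 08:00:02 WS-001 no usable rule found src=[fe80::1a2b:3c4d:5e6f:1]:546 dst=[ff02::1:2]:547 proto=UDP
2009-03-13 08:00:03 WS-017 no usable rule found src=[fe80::9:8:7:6]:546 dst=[ff02::1:2]:547 proto=UDP
2009-03-13 08:00:04 WS-017 no usable rule found src=192.168.1.44:51234 dst=192.168.1.1:445 proto=TCP
2009-03-13 08:00:05 WS-023 no usable rule found src=[fe80::1a2b:3c4d:5e6f:1]:546 dst=[ff02::1:2]:547 proto=UDP
2009-03-13 08:00:06 WS-023 no usable rule found src=10.0.0.9:40000 dst=10.0.0.1:53 proto=UDP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<host>\S+) no usable rule found "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+)$"
)


def split_endpoint(endpoint):
    """Split '[v6addr]:port' or 'v4addr:port' into (ip_address, port)."""
    if endpoint.startswith("["):
        addr, _, port = endpoint[1:].partition("]:")
    else:
        addr, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(addr), int(port)


def parse_line(line):
    """Return a record dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src_ip, src_port = split_endpoint(m["src"])
    dst_ip, dst_port = split_endpoint(m["dst"])
    return {
        "ts": m["ts"], "host": m["host"],
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
        "proto": m["proto"].upper(),
    }


def is_dhcpv6_solicit_noise(rec):
    """True for UDP traffic to the DHCPv6 server multicast group on port 547."""
    return (rec["proto"] == "UDP"
            and rec["dst_ip"] == DHCPV6_SERVERS
            and rec["dst_port"] == DHCPV6_PORT)


def triage(text):
    """Aggregate records: DHCPv6 noise by reporter and source, rest by destination."""
    total = noise = 0
    reporting_hosts = set()      # clients whose firewall logged the noise
    noise_sources = Counter()    # link-local addresses sending the multicasts
    other_by_dst = Counter()     # everything else, grouped by dst:port/proto
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        total += 1
        if is_dhcpv6_solicit_noise(rec):
            noise += 1
            reporting_hosts.add(rec["host"])
            noise_sources[str(rec["src_ip"])] += 1
        else:
            other_by_dst[f"{rec['dst_ip']}:{rec['dst_port']}/{rec['proto']}"] += 1
    return {
        "total": total,
        "dhcpv6_noise": noise,
        "noise_share": noise / total if total else 0.0,
        "reporting_hosts": sorted(reporting_hosts),
        "noise_sources": noise_sources,
        "other_by_dst": other_by_dst,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"{summary['dhcpv6_noise']}/{summary['total']} records are DHCPv6 solicit noise")
    print("multicast sources (link-local):", dict(summary["noise_sources"]))
    print("other blocked connections:", dict(summary["other_by_dst"]))
```

Because every host on the link receives the multicast, the same source link-local address shows up in the logs of several reporting clients; counting by source rather than by reporter is what points at the machines with the IPv6 stack enabled. The remaining records, grouped by destination, are the ones a clean-up rule log is actually meant to surface.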
  2. Marcos (Eset Staff Account; joined Nov 22, 2002; 14,374 posts)

    I assume that you have logging of blocked connection attempts enabled. This option serves for debugging purposes and should be enabled only for a while as it can produce tons of log records that may cause abnormal strain on ERA servers.
     
  3. Adramalech (Registered Member; joined Apr 17, 2005; 79 posts)

    Do you mean the 'Log all blocked connections' in IDS and advanced options tree?

    Yes, it's enabled, because it's firewall best practice to have a clean-up rule logging all dropped / rejected traffic.
    Also, it's kind of hard to tell if a connection was blocked by ESS if you're not able to see it in ERA, and even in the best managed client networks it's easy to slip well-used applications and/or networks. At least it's harder to maintain a stable rule base on a client than on a gateway.


    Either way, I assume those features are not present or work as I described (IPv6 rules are only working with an IPv6 enabled OS but still logged).
    I will give it a try with disabling the option though.
     