'no usable rule found' is killing ERA service

Discussion in 'Other ESET Home Products' started by Adramalech, Mar 13, 2009.

Thread Status:
Not open for further replies.
  1. Adramalech

    Adramalech Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    79
    Hi,


    Is there a way to permanently block 'no usable rule found', well at least for IPv6 DHCP multicasts (Target ff02::1:2.:547)?
    Apparently, the firewall does not handle those rules unless an IPv6 stack is installed because a corresponding rule (add IPv6 Address) was only creatable on a computer with IPv6 enabled.

    A rule for dropping those requests without a log has been created and it shows no effect.
    Seriously, this needs to be implemented if not already since it generates several thousand(!) logs a day and it's killing ERA Server service (service needs to be restarted to service the remote Console. After a few minutes it's the same again because clients are storming ERA).


    Cheers
    Adra



    P.S.: Unfortunately, there's no way at present to locate and disable the machines and their IPv6 stack, causing those multicasts.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    I assume that you have logging of blocked connection attempts enabled. This option serves for debugging purposes and should be enabled only for a while as it can produce tons of log records that may cause abnormal strain on ERA servers.
     
  3. Adramalech

    Adramalech Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    79
    Do you mean the 'Log all blocked connections' in IDS and advanced options tree?

    Yes it's enabled because it's firewall best practice to have a clean-up rule logging all dropped / rejected traffic.
    Also, it's kind of hard to tell if a connection was blocked by ESS if you're not able to see it in ERA and even in the best managed client networks it's easy to slip well-used applications and/or networks. At least it's harder to maintain a stable rule base on a client than on a gateway.


    Either way, I assume those features are not present or work as I described (IPv6 rules are only working with an IPv6 enabled OS but still logged).
    I will give it a try with disabling the option though.
     