search cancel

SEP 14.2 for Mac block's ssh with default firewall rules

book

Article ID: 175230

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After upgrading SEP 14.x to 14.2 or later ,the ssh sessions can't connect using default firewall policy.

While this was working for with 14.0.3929.1000(14 RU1 MP2) or earlier

2019-05-28 14:22:05.256 KST DEBUG util.scheduler [2019-May-28 14:22:05.256466] [DEBUG] Scheduler sleeping for 00:00:59.999998 seconds


2019-05-28 14:22:06.525 KST DEBUG smc.SEPFWEventHandler [2019-May-28 14:22:06.525848] [DEBUG]SEPFirewallEventHandler::handlePacketFirewallEvent sending traffic log ( Rule Name: 다른 모든 IP 트래픽 차단, 기록, Protocol: TCP, Direction: Outgoing, LocalIPFamily: AF_INET, LoacalIP: 192.168.71.140, LocalIPv6: efff:500:ff08:80::, LocalPort: 49279, RemoteIPFamily: AF_INET, RemoteIP: 192.168.40.161, RemoteIPv6: f056:7c05:a47f::70e2:ce9d:ff7f:0, RemotePort: 10443, Action: Block, EmailAlert: 0, Severity: 15, CurrLocation: 기본값, UserName: cnthoth,Domain:local).


2019-05-28 14:22:07.556 KST DEBUG smc.SEPFWEventHandler [2019-May-28 14:22:07.556152] [DEBUG]SEPFirewallEventHandler::handlePacketFirewallEvent sending traffic log ( Rule Name: 다른 모든 IP 트래픽 차단, 기록, Protocol: TCP, Direction: Outgoing, LocalIPFamily: AF_INET, LoacalIP: 192.168.71.140, LocalIPv6: efff:500:ff08:80:5f5a:7373:4861:7368, LocalPort: 49279, RemoteIPFamily: AF_INET, RemoteIP: 192.168.40.161, RemoteIPv6: 80c0:df07:a47f::8079:506:100:0, RemotePort: 10443, Action: Block, EmailAlert: 0, Severity: 15, CurrLocation: 기본값, UserName: cnthoth,Domain:local).


2019-05-28 14:22:08.556 KST DEBUG smc.SEPFWEventHandler [2019-May-28 14:22:08.556340] [DEBUG]SEPFirewallEventHandler::handlePacketFirewallEvent sending traffic log ( Rule Name: 다른 모든 IP 트래픽 차단, 기록, Protocol: TCP, Direction: Outgoing, LocalIPFamily: AF_INET, LoacalIP: 192.168.71.140, LocalIPv6: ::3091:4b05:100:0, LocalPort: 49279, RemoteIPFamily: AF_INET, RemoteIP: 192.168.40.161, RemoteIPv6: 80c0:bf07:a47f::808a:8007:a47f:0, RemotePort: 10443, Action: Block, EmailAlert: 0, Severity: 15, CurrLocation: 기본값, UserName: cnthoth,Domain:local).

 

 

Environment

SEP Version : 14.2 and later

SEPM Version : 14.2 and later

Cause

By default, ssh is blocked by default Firewall rules. Firewall feature was first introduced in 14.2 for Mac clients. 14.0 client had no Firewall support

Resolution

Create new allow rule to allow remote port 22 (attached screenshot).

 

Attachments