Issue:
Firewall rule creation fails for one or more WithSecure Client Security hosts. WithSecure Policy Manager Console host Alerts list shows either one of the following alerts:
Warning: F-Secure firewall rule creation or modification failed.
From: <hostname>, <date/time>
Details: F-Secure firewall rule creation or modification failed. Rule name: <FirewallRuleName> (F-Secure) Error: Remote address is invalid Additional data: <domainName>
Warning: F-Secure firewall rule creation or modification failed.
From: <hostname>, <date/time>
Details: F-Secure firewall rule creation or modification failed. Rule name: <FirewallRuleName> (F-Secure) Error: Remote address is invalid Additional data: <ip.address goes.here ip.address.goes.here ip.address.goes.here>
Resolution:
If you have ::1 included which is the loopback address, this is not allowed. You need to specify addresses or ranges.
When in doubt, you can always try to add the rule manually via Windows Firewall and see the result.
Resolution if the Additional Data field contains a domain name:
When the firewall rule is implemented via the policy, the WithSecure Firewall Plug-in on the local client will try to resolve the domain name. Successfully resolved IP addresses are then used for the firewall rule creation.
The entry will have a TTL (time-to-live) of 240 minutes, after which the resolution of the domain name will be triggered again, in case the IP-addresses have changed. Currently the entries can hold up to 128 IP addresses per host/entry.
Note: If the address for the firewall rule is internal and the WithSecure client's host is currently remote without VPN connection to the internal network, the resolution will most likely fail.
Also, if DNS-queries are not forwarded, it can happen that the resolution of the domain name will fail.
Both scenarios might show the following error: WithSecure firewall rule creation or modification failed. Rule name: <FirewallRuleName> (F-Secure) Error: Remote address is invalid Additional data: <domainName>
Resolution if the Additional Data field contains a list of IP-addresses:
Double-check the formatting of the remote hosts-field for the firewall rule. For example, if multiple IP-addresses are specified, they need to be comma-separated. If the error message lists the addresses without commas, it could be an indicator that they are missing from the field.
The firewall rule creation wizard has tooltips on how to format entries in the remote hosts-field.
If you wish to filter out these alerts, follow these steps:
- Log in to the Policy Manager Console
- Select a host or policy domain from the Domain Tree
- Go to the Settings tab
- Go to the Alert sending page
- Look to the right of the Alert sending exclusions list and click Add
- Select Firewall as the Source
- Add a condition and select rule creation or modification failed as the Alert
- Click OK
- Distribute the policy (Ctrl + D)
Note: This will only make it so that new alerts will not appear on the alerts list. If you want to remove old alerts from the list, you can search all similar alerts with the search functionality, select all the similar alerts and then click delete.
Article no: 000025982