Why am I unable to add certain Applications to IP Firewall Policies?

jwade
New Contributor II

I am trying to block certain built-in Applications via IP Firewall Policy, but when I try to update the APs with the modified configuration, I receive an "Unknown error".

 

For example, one Application I'm trying to block is XVPN. I can add it to an IP Firewall Policy without issue, but then when I try to update an AP350 with that modified policy, I get this error: The CLI 'service L7-XVPN app-id 1861' execute failed, cause by: Unknown error.

 

Is it the case that some Application signatures are not supported on some APs or HiveOS versions? If so, is that information documented somewhere?

1 ACCEPTED SOLUTION

dsouri
Contributor III

Hi @Jason Wade,

 

Could you SSH into the AP and run the command that was failing?

 

service L7-XVPN app-id 1861

 

Occasionally CLI failures are due to specific commands or, in some cases, due to firewall restrictions.

 

Can you confirm the firewall is allowing Hivemanager Traffic?

 

First, go to About Hivemanager

 

Then Firewall Guidelines

 

 

If Firewall/Content filter isn't the issue, could you open a case so we could assist directly?

 

Let me know what works best,

 

David Souri

HiveCommunity Moderator

8 REPLIES

jwade
New Contributor II

Sorry for taking a while to reply, busy end of school year here.

 

I ssh'd into it and the command gives this error:

Invalid app-id 1861 encountered!

ERROR: Invalid parameter(s)

 

It does the same on the previous Golden of 6.5r8b and the new Golden 6.5r9a.

 

So it looks like some APs don't support all of the app signatures that are available in NG, which is fine, but it would be great if it failed in a way that still allowed the config portions that are supported to load and gave a more detailed error in the HM.

jwade
New Contributor II

Yep. That's the version we are running. We run the golden on all of our APs.

dsouri
Contributor III

Hi Jason,

 

This may be the case, but could you advise which HiveOS the AP350 is currently running?

 

As of this message, HiveOS 6.5r8b is the Golden Release for the AP350.

 

Please find that detail and more at:

https://docs.aerohive.com/330000/docs/help/english/ng/Content/learning-whats-new.htm

 

-Thank you
