I am trying to block certain built-in Applications via IP Firewall Policy, but when I try to update the APs with the modified configuration, I receive an "Unknown error".
For example, one Application I'm trying to block is XVPN. I can add it to an IP Firewall Policy without issue, but then when I try to update an AP350 with that modified policy, I get this error: The CLI 'service L7-XVPN app-id 1861' execute failed, cause by: Unknown error.
Is it the case that some Application signatures are not supported on some APs or HiveOS versions? If so, is that information documented somewhere?
Solved! Go to Solution.
Hi @Jason Wade ,
Could you SSH into the AP and run the command that was failing?
service L7-XVPN app-id 1861
Occasionally CLI failures are due to specific commands or in some case due to firewall restrictions.
Can you confirm the firewall is allowing Hivemanager Traffic?
First, go to About Hivemanager
Then Firewall Guidelines
If Firewall/Content filter isn't the issue, could you open a case so we could assist directly?
Let me know what works best,
If you have the same model APs on the same firmware but using different application signatures, we'd probably need to open a case to start troubleshooting this for you. Would you be able to log a case with ATAC about this?
I am just getting back to this issue now that we have gotten past summer and the start of school.
It looks like the issue is that some of our APs have different Application Signature files than others even though they are on the same HiveOS release. I ran the "show application reporting applications" command on an AP350, an AP130, and an AP230. The AP350 listed 1,260 applications, whereas the other two both listed 1,889 applications. All three are running 6.5r9a.
I know in HiveManager Classic there was a separate menu option for updating the signatures, but it looks like that is not present in NG. I think that's because from some of what I've read the application signatures should be updated with the HiveOS, but it looks like that isn't happening on the AP350s at least.
This is still an issue as we need to block certain newer VPN apps at a site that has some of these APs.
I wanted to touch base. There have been some general Hivemanager Updates, so I wanted to see if anything has changed on this front.
If not, would you open a case so we can GoToMeeting and collect data to review?