Why am I unable to add certain Applications to IP Firewall Policies?

jwade
New Contributor II

I am trying to block certain built-in Applications via IP Firewall Policy, but when I try to update the APs with the modified configuration, I receive an "Unknown error".

 

For example, one Application I'm trying to block is XVPN. I can add it to an IP Firewall Policy without issue, but then when I try to update an AP350 with that modified policy, I get this error: The CLI 'service L7-XVPN app-id 1861' execute failed, cause by: Unknown error.

 

Is it the case that some Application signatures are not supported on some APs or HiveOS versions? If so, is that information documented somewhere?

1 ACCEPTED SOLUTION

dsouri
Contributor III

Hi @Jason Wade,

Could you SSH into the AP and run the command that was failing?

 

service L7-XVPN app-id 1861

 

Occasionally CLI failures are due to specific commands or, in some cases, due to firewall restrictions.

Can you confirm the firewall is allowing Hivemanager Traffic?

 

First, go to About Hivemanager

Then Firewall Guidelines

If Firewall/Content filter isn't the issue, could you open a case so we could assist directly?

 

Let me know what works best,

 

David Souri

HiveCommunity Moderator

8 REPLIES 8

jwade
New Contributor II

The issue is with different model APs on the same firmware.

 

I'll go ahead and open a case though.

samantha_lynn
Esteemed Contributor III

If you have the same model APs on the same firmware but using different application signatures, we'd probably need to open a case to start troubleshooting this for you. Would you be able to log a case with ATAC about this?

jwade
New Contributor II

I am just getting back to this issue now that we have gotten past summer and the start of school.

 

It looks like the issue is that some of our APs have different Application Signature files than others even though they are on the same HiveOS release. I ran the "show application reporting applications" command on an AP350, an AP130, and an AP230. The AP350 listed 1,260 applications, whereas the other two both listed 1,889 applications. All three are running 6.5r9a.

 

I know in HiveManager Classic there was a separate menu option for updating the signatures, but it looks like that is not present in NG. I think that's because from some of what I've read the application signatures should be updated with the HiveOS, but it looks like that isn't happening on the AP350s at least.

 

This is still an issue as we need to block certain newer VPN apps at a site that has some of these APs.
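
Added example, not part of the original posts and not vendor code: a pre-push check that reads the `service L7-<name> app-id <id>` lines of a policy and reports which APs do not list those app-ids in their signature set. The inventory format (one `<app-id> <name>` per line, normalised by hand from each AP's "show application reporting applications" output), the AP names, and the second policy line are assumptions constructed for illustration.

```python
import re

# Matches the policy CLI line quoted in the thread, e.g. "service L7-XVPN app-id 1861".
SERVICE_RE = re.compile(r"^service\s+L7-(\S+)\s+app-id\s+(\d+)\s*$")

def parse_policy(cli_text):
    """Return {app_id: name} for every L7 service line in a policy's CLI."""
    apps = {}
    for line in cli_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            apps[int(m.group(2))] = m.group(1)
    return apps

def parse_inventory(text):
    """Parse the assumed normalised inventory: one '<app-id> <name>' per line."""
    ids = set()
    for line in text.splitlines():
        fields = line.split(None, 1)
        if fields and fields[0].isdigit():
            ids.add(int(fields[0]))
    return ids

def unsupported(policy_cli, inventories):
    """Map each AP to the policy apps that its signature set does not contain."""
    wanted = parse_policy(policy_cli)
    report = {}
    for ap, inv_text in inventories.items():
        have = parse_inventory(inv_text)
        missing = {i: n for i, n in wanted.items() if i not in have}
        if missing:
            report[ap] = missing
    return report

# Constructed sample data (hypothetical AP names; only the XVPN line is from the thread).
POLICY = "service L7-XVPN app-id 1861\nservice L7-EXAMPLEAPP app-id 12\n"
INVENTORIES = {
    "ap350-lab": "12 EXAMPLEAPP\n40 OTHERAPP\n",
    "ap230-lab": "12 EXAMPLEAPP\n40 OTHERAPP\n1861 XVPN\n",
}

if __name__ == "__main__":
    for ap, missing in unsupported(POLICY, INVENTORIES).items():
        for app_id, name in sorted(missing.items()):
            print(f"{ap}: signature set does not list L7-{name} (app-id {app_id})")
```

An AP that appears in the report will not be able to match that application, so the block rule should be treated as unenforced there until its signature set is brought in line.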

 

dsouri
Contributor III

Hi Jason,

 

I wanted to touch base. There have been some general Hivemanager Updates, so I wanted to see if anything has changed on this front.

 

If not, would you open a case so we can GoToMeeting and collect data to review?

 

Thank you,

David Souri

HiveCommunity Moderator
