topic Re: SMB appliance 1570 Pre Manual Rules in Spark Firewall (SMB)

SMB appliance 1570 Pre Manual Rules

Attiq786 — Fri, 26 Feb 2021 00:03:50 GMT

Hi All,

one of our clients has seven 1570 SMB appliances and they were configured by someone who has left the company.

we are having an issue with one of the gateways which was connected just to find out that there is a Pre Manual rule at the top which is managed by cloud services and blocking all internet traffic as per attached.

All devices are managed by SMP, but on smb management portal, I cannot find the block rule. I have tried to uncheck the box (Manage in SMP) so firewall blade and access policy are not managed from cloud but it does not let me edit Pre manual rules and I cannot find where these rules are defined on the portal. access rules and URL sections are empty in the portal.

I have also tried disabling cloud services and enabling them again but the rule cannot be edited at all.

any suggestions please?

Re: SMB appliance 1570 Pre Manual Rules

G_W_Albrecht — Fri, 26 Feb 2021 11:32:11 GMT

This is documented in sk118035 and in Security Management Portal Administration Guide R12.30 p.41f:

Pre local rules are fetched before the local manual rules (created in the local settings of the Firewall Software Blades). A local administrator cannot create manual rules to override pre local rules configured by the SMP administrator.
Note - The gateway local administrator can edit only the manual rules. Pre/post local rules are locked.
Pre/post local rules are managed by Cloud Services. When you turn off Cloud Services, the pre/post local rules are deleted.

So if there is no higher SMP Administrator Account available i would suggest to contact TAC.

Re: SMB appliance 1570 Pre Manual Rules

Attiq786 — Fri, 26 Feb 2021 11:42:45 GMT

@G_W_Albrecht Thanks for the reply.

I have contacted TAC and as usual they advise to upgrade the firmware.

I read the manual and found the same statement to turn off cloud services. did that but that did not help.

Thanks for your help.

Re: SMB appliance 1570 Pre Manual Rules

G_W_Albrecht — Fri, 26 Feb 2021 11:54:17 GMT

I would do a reset to factory defaults keeping the firmware version (after creating a backup file and removing it from SMP) and connecting to SMP again. Upgrading to R80.20.20 (992001869) as suggested by CP is a good idea, but i think it will not resolve the issue 8)

Re: SMB appliance 1570 Pre Manual Rules

Attiq786 — Fri, 26 Feb 2021 11:58:32 GMT

Thanks. this seems better option.

Re: SMB appliance 1570 Pre Manual Rules

G_W_Albrecht — Mon, 01 Mar 2021 12:04:34 GMT

Did you try that yet ?

Re: SMB appliance 1570 Pre Manual Rules

Attiq786 — Mon, 01 Mar 2021 13:46:03 GMT

Hi @G_W_Albrecht

CP advised to install an EA firmware, which i refused to do on a production environment. After escalation, they have advised to delete the device from SMP and add again, as these rules were no where to be seen on SMP.

doing that today. will update if successful.

Re: SMB appliance 1570 Pre Manual Rules

Attiq786 — Wed, 03 Mar 2021 13:18:34 GMT

we tried to replace the firewall again and without doing any suggested actions, i tried to remove the rules but i could not. strangely though i could disable them. which sorted the issue.

did not have to disconnect from cloud. Not sure what happened.

Re: SMB appliance 1570 Pre Manual Rules

G_W_Albrecht — Wed, 03 Mar 2021 13:30:17 GMT

Not understandable to me, but glad it works now !