SuSE Firewall is Blocking BES Traffic - BES Client
Log In or Register to download the BES file, and more.

0 Votes

Description

The listed computers are using SuSEfirewall2 and are not configured to allow inbound UDP traffic on the port used by BES (BES uses port 52311 by default).

The BES Server and BES Relays send UDP packets to the BES Clients to notify them that there is new information available such as new Fixlet messages, actions, and computer refreshes. BES Clients on relevant computers will not receive UDP notification packets and therefore will not see new actions or new Fixlet messages until they gather the new actionsite, which is by default, once a day. After configuring iptables to allow inbound UDP traffic on the BES Listen Port, BES Clients will resume normal communication with the BES Server and BES Relays.

Note: After this action is applied, affected BES Clients will not report until they have performed their standard once-per-day gather or until the BES Client is restarted.

Note: Configuration changes made to SuSEfirewall2 will include port 52311 to the FW_SERVICES_EXT_UDP zone.


Property Details

ID235
TitleSuSE Firewall is Blocking BES Traffic - BES Client
CategorySupport
Download Size0
SourceBigFix
Source ID<Unspecified>
Source SeverityImportant
Source Release Date7/23/2009 12:00:00 AM
KeywordsBES UDP Clients Client TABLE
Added by on 10/17/2012 1:14:37 PM
Last Modified by on 10/17/2012 1:14:37 PM
Counters 6144 Views / 6 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

Used in 221 fixlets   * Results in a true/false
Show indented relevance
(if exists property "in proxy agent context" then ( not in proxy agent context ) else true )
Used in 17 fixlets   * Results in a true/false
Show indented relevance
version of client >= "6"
Used in 92 fixlets and 24 analyses   * Results in a true/false
Show indented relevance
version of client >= "5.1"
Used in 32 fixlets   * Results in a true/false
Show indented relevance
(if (version of client >= "8.0") then (unix of it) else ((it does not start with "Win" AND it does not start with "Mac OS X") of name of it)) of operating system
Used in 1 fixlet   * Results in a true/false
Show indented relevance
name of operating system starts with "Linux SuSE"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists file whose (name of it contains "SuSEfirewall2") of folders whose (name of it starts with "rc") of folder "/etc/init.d/"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists file "/etc/sysconfig/SuSEfirewall2" whose (NOT exists lines whose (it starts with "FW_SERVICES_EXT_UDP=" AND it contains "52311" AND it does not contain "%2252311 %22") of it)

Actions

Action 1 (default)

Action Link Click here to leave SuSEfirewall2 enabled, but also allow incoming traffic on the port reserved for BES.
Script Type BigFix Action Script
//Modify the SuSEfirewall2 saved ruleset
delete __appendfile
appendfile #!/bin/bash
if {exists file "/etc/sysconfig/SuSEfirewall2" whose (NOT exists lines whose (it starts with "FW_SERVICES_EXT_UDP=" AND it contains "%2252311 %22") of it)}
    appendfile sed -i 's/^FW_SERVICES_EXT_UDP="/FW_SERVICES_EXT_UDP="52311 /' /etc/sysconfig/SuSEfirewall2
endif
appendfile sed -i 's/"52311 "/"52311"/' /etc/sysconfig/SuSEfirewall2
appendfile /etc/init.d/SuSEfirewall2_setup restart
wait chmod +x "{(client folder of current site as string) & "/__appendfile"}"
wait "{(client folder of current site as string) & "/__appendfile"}"
delete __appendfile
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 2

Action Link Click here for information on how to make this action a "policy" action that will automatically open the BES port on any computer that has this Fixlet message relevant.
Script Type URL
http://support.bigfix.com/cgi-bin/kbdirect.pl?id=113
    

Action 3

Action Link Click here to disable SuSEfirewall2 firewall.
Script Type BigFix Action Script
delete __appendfile
appendfile #!/bin/bash
appendfile chkconfig --level 2345 SuSEfirewall2_final off
appendfile chkconfig --level 2345 SuSEfirewall2_setup off
appendfile chkconfig --level 2345 SuSEfirewall2_init off
appendfile /etc/init.d/SuSEfirewall2_setup stop
wait chmod 555 "{(client folder of current site as string) & "/__appendfile"}"
wait "{(client folder of current site as string) & "/__appendfile"}"
delete delete __appendfile
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!