"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
Some NAT Rules using service definition ANY no longer work as of 7 300
Firewall has DNAT/SNAT rules which specify the "Any" service definition in the Traffic Service field, and also specify something in the Destination Service field. Prior to 7.300, this rule was functioning, but after upgrading to 7.300, the rule is disabled. Re-enabling it fails, and highlights the Traffic Service field.
Applies to the following Sophos Product and version
Operating systems V7
Traffic Source: Any Traffic Service: --> Any <-- Traffic Destination: External(Address) NAT Mode: DNAT Destination: Internal_Server Destination Service: --> HTTP <--
However, the source section would also apply to ICMP ping packets, and the above rule is asking that they be translated to TCP port 80 packets, which is impossible.
If you are specifying "Any" as the destination service, then click the orange recycle box icon to clear that field, and hit save. The rule can now be enabled, and will work as before. If you are specifying a destination port, you must create a new service to replace the use of Any. Service Type: TCP/UDP (Can also be just TCP or UDP if that is all that is needed)
Destination Port:--> 1:65535 <-- Source Port: 1:65535
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.