Firewall 2.0 functionality (Sophos Enterprise Console)

Question

Hi. I am using Firewall 2.0 clients and managing via the console. I've looked through the various documents and have a lingering question. "Allow by default" - it says traffic which has no matching rule is allowed. Does this mean all Outbound and Inbound are allowed? I am looking for a setting that allows all Outbound but blocks most inbound (except what I have set in the rules).

This thread was automatically locked due to age.

QC · Accepted Answer

Hello jb1111,

if you use Block by default and add global rules allowing Outbound TCP and UDP this should do what you want (this will still block outbound traffic for the other IP protocol types). Or you could add "block inbound IP" as the last global rule.

As to the events: what's the console log ? Just checked SEC/View->Firewall Events ... , SEC/View Computer Details and the client's Firewall Log. They all show the direction. Could you give an example please?

Christian :3387